{"id": "CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3", "type": "cisa", "bulletinFamily": "info", "title": "Google Releases Security Updates for Chrome", "description": "Google has released Chrome version 94.0.4606.61 for Windows, Mac, and Linux. This version addresses a vulnerability\u2014CVE-2021-37973\u2014that an attacker could exploit to take control of an affected system. An exploit for this vulnerability exists in the wild.\n\nCISA encourages users and administrators to review the [Chrome Release Note](<https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html >) and apply the necessary update as soon as possible.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2021/09/24/google-releases-security-updates-chrome>); we'd welcome your feedback.\n", "published": "2021-09-24T00:00:00", "modified": "2021-09-24T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://us-cert.cisa.gov/ncas/current-activity/2021/09/24/google-releases-security-updates-chrome", "reporter": "CISA", "references": ["https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-15T18:08:39", "viewCount": 11, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1350.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "OPENSUSE-2021-1339.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-15T18:08:39", "rev": 2}, "score": {"value": 4.5, "vector": "NONE", "modified": "2021-10-15T18:08:39", "rev": 2}, "vulnersScore": 4.5}, "wildExploited": false}

{"attackerkb": [{"id": "AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977", "hash": "477a4b5341ed2d2e8994eb71efb3ca7c", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-37973", "description": "Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "published": "2021-10-08T00:00:00", "modified": "2021-10-15T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/o1WP6FeDo0/cve-2021-37973", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/", "https://crbug.com/1251727", "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-15T07:41:38", "history": [{"bulletin": {"id": "AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977", "hash": "f4e9138c05c3ac2f86e2eaf3e63222e9", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-37973", "description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "published": "2021-08-03T00:00:00", "modified": "2021-08-03T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/o1WP6FeDo0/cve-2021-37973", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-04T22:42:47", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-04T22:42:47", "rev": 2}, "score": {"value": 3.1, "vector": "NONE", "modified": "2021-10-04T22:42:47", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 0, "exploitability": 0}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html", "published": "2021-09-24T19:29:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973"]}, "tags": [], "mitre_vector": {}, "last_activity": "2021-09-24T19:29:00"}, "lastseen": "2021-10-04T22:42:47", "differentElements": ["description", "last_activity", "modified", "published", "references", "references_categories"], "edition": 1}, {"bulletin": {"id": "AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977", "hash": "5a26b942cae5e13111e96e0fc74d4e5c", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-37973", "description": "Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "published": "2021-10-08T00:00:00", "modified": "2021-10-08T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/o1WP6FeDo0/cve-2021-37973", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://crbug.com/1251727", "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-08T22:43:32", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-04T22:42:47", "rev": 2}, "score": {"value": 3.1, "vector": "NONE", "modified": "2021-10-04T22:42:47", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 0, "exploitability": 0}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html", "published": "2021-09-24T19:29:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973"], "Miscellaneous": ["https://crbug.com/1251727", "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html"]}, "tags": [], "mitre_vector": {}, "last_activity": "2021-10-08T00:00:00"}, "lastseen": "2021-10-08T22:43:32", "differentElements": ["references", "references_categories"], "edition": 2}, {"bulletin": {"id": "AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977", "hash": "3cf78dd3adb6a917f247fb47ad361804", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-37973", "description": "Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "published": "2021-10-08T00:00:00", "modified": "2021-10-08T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/o1WP6FeDo0/cve-2021-37973", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/", "https://crbug.com/1251727", "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-09T04:43:04", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-04T22:42:47", "rev": 2}, "score": {"value": 3.1, "vector": "NONE", "modified": "2021-10-04T22:42:47", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 0, "exploitability": 0}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html", "published": "2021-09-24T19:29:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973"], "Advisory": ["https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/"], "Miscellaneous": ["https://crbug.com/1251727", "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html"]}, "tags": [], "mitre_vector": {}, "last_activity": "2021-10-08T00:00:00"}, "lastseen": "2021-10-09T04:43:04", "differentElements": ["last_activity", "modified"], "edition": 3}, {"bulletin": {"id": "AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977", "hash": "97c3470e2ce5725786b767109039e7b2", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-37973", "description": "Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "published": "2021-10-08T00:00:00", "modified": "2021-10-09T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://attackerkb.com/topics/o1WP6FeDo0/cve-2021-37973", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/", "https://crbug.com/1251727", "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-09T07:41:26", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "OPENSUSE-2021-1339.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "OPENSUSE-2021-1350.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-09T07:41:26", "rev": 2}, "score": {"value": 4.7, "vector": "NONE", "modified": "2021-10-09T07:41:26", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 0, "exploitability": 0}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html", "published": "2021-09-24T19:29:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973"], "Advisory": ["https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/"], "Miscellaneous": ["https://crbug.com/1251727", "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html"]}, "tags": [], "mitre_vector": {}, "last_activity": "2021-10-09T00:00:00"}, "lastseen": "2021-10-09T07:41:26", "differentElements": ["cvss", "last_activity", "modified"], "edition": 4}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1339.NASL", "OPENSUSE-2021-1350.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "kaspersky", "idList": ["KLA12298", "KLA12299"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-15T07:41:38", "rev": 2}, "score": {"value": 4.7, "vector": "NONE", "modified": "2021-10-15T07:41:38", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 0, "exploitability": 0}, "wildExploited": true, "wildExploitedCategory": {"Vendor Advisory": ""}, "wildExploitedReports": [{"category": "Vendor Advisory", "source_url": "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html", "published": "2021-09-24T19:29:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973"], "Advisory": ["https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/"], "Miscellaneous": ["https://crbug.com/1251727", "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html"]}, "tags": [], "mitre_vector": {}, "last_activity": "2021-10-15T00:00:00", "_object_type": "robots.models.attackerkb.AttackerKB", "_object_types": ["robots.models.base.Bulletin", "robots.models.attackerkb.AttackerKB"]}], "cve": [{"id": "CVE-2021-37973", "bulletinFamily": "NVD", "title": "CVE-2021-37973", "description": "Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.", "published": "2021-10-08T22:15:00", "modified": "2021-10-14T23:18:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37973", "reporter": "chrome-cve-admin@google.com", "references": ["https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/", "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html", "https://crbug.com/1251727"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "type": "cve", "lastseen": "2021-10-15T07:28:48", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": []}, "cvelist": ["CVE-2021-37973"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.", "edition": 1, "enchantments": {"dependencies": {"modified": "2021-10-09T07:28:40", "references": [{"idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"], "type": "freebsd"}, {"idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"], "type": "cisa"}, {"idList": ["KLA12298", "KLA12299"], "type": "kaspersky"}, {"idList": ["OPENSUSE-2021-1339.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "OPENSUSE-2021-1350.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"], "type": "nessus"}, {"idList": ["OPENSUSE-SU-2021:1350-1", "OPENSUSE-SU-2021:1339-1"], "type": "suse"}, {"idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"], "type": "hivepro"}, {"idList": ["THN:50D7C51FE6D69FC5DB5B37402AD0E412", "THN:6A9CD6F085628D08978727C0FF597535"], "type": "thn"}, {"idList": ["MS:CVE-2021-37973"], "type": "mscve"}, {"idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"], "type": "attackerkb"}, {"idList": ["FEDORA:4CD8430AA7AD", "FEDORA:E043930AE6E8"], "type": "fedora"}, {"idList": ["UB:CVE-2021-37973"], "type": "ubuntucve"}], "rev": 2}, "exploitation": {"modified": "2021-10-09T07:28:40", "wildExploited": true, "wildExploitedSources": [{"idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"], "type": "attackerkb"}]}, "score": {"modified": "2021-10-09T07:28:40", "rev": 2, "value": 3.6, "vector": "NONE"}}, "extraReferences": [{"name": "FEDORA-2021-ab09a05562", "refsource": "FEDORA", "tags": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/"}, {"name": "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html", "refsource": "MISC", "tags": [], "url": "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html"}, {"name": "https://crbug.com/1251727", "refsource": "MISC", "tags": [], "url": "https://crbug.com/1251727"}], "hash": "1857d328f9af748eca86983c7bd872f10f72cedad23e24a1f42f7d6b9310af92", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "5cc7fadff395e43c4e3234f64260b83c", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b2c02dac179b11b881b53a52509a98eb", "key": "modified"}, {"hash": "720a65c98dccb3e460945dc1a0aeb894", "key": "description"}, {"hash": "756300476bc733dcc33dfa7891391c99", "key": "published"}, {"hash": "0670adfb1729ca955c99f771375c8484", "key": "cvelist"}, {"hash": "8f8c3a5aef6f60790a89765670d8d6e0", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "0ecd716de4dc1b5ccbb3afb59bb5d0e8", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6bd3cd82aab894a61e23d229162d6d05", "key": "extraReferences"}, {"hash": "d7eed91b598220656167f7236fe34301", "key": "title"}, {"hash": "81342635da437da3b0897e10f103e0d6", "key": "cpeConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37973", "id": "CVE-2021-37973", "immutableFields": [], "lastseen": "2021-10-09T07:28:40", "modified": "2021-10-09T03:35:00", "objectVersion": "1.6", "published": "2021-10-08T22:15:00", "references": ["https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/", "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html", "https://crbug.com/1251727"], "reporter": "chrome-cve-admin@google.com", "title": "CVE-2021-37973", "type": "cve", "viewCount": 8}, "different_elements": ["extraReferences", "cpe23", "cvss", "modified", "cpe", "cwe", "affectedSoftware", "cpeConfiguration"], "edition": 1, "lastseen": "2021-10-09T07:28:40"}], "edition": 2, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "2a429d1d5ba4d09d8ed17702cf9bdbdf"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "e86faf9fdc292a0675f74ea526b5a508"}, {"key": "cpe23", "hash": "d16bd16383a96af31f170ebf77664f59"}, {"key": "cpeConfiguration", "hash": "d788f8799cf33bb0644709eade69a102"}, {"key": "cvelist", "hash": "0670adfb1729ca955c99f771375c8484"}, {"key": "cvss", "hash": "4cac367be6dd8242802053610be9dee6"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "6e8bd440f4fb55ae63bba09dfc27a808"}, {"key": "description", "hash": "720a65c98dccb3e460945dc1a0aeb894"}, {"key": "extraReferences", "hash": "5eb3bfd80a4cf714b1fb84d72fbdf180"}, {"key": "href", "hash": "8f8c3a5aef6f60790a89765670d8d6e0"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "604eb5725b819ea6bfc12fde47b4a6b7"}, {"key": "published", "hash": "756300476bc733dcc33dfa7891391c99"}, {"key": "references", "hash": "5cc7fadff395e43c4e3234f64260b83c"}, {"key": "reporter", "hash": "0ecd716de4dc1b5ccbb3afb59bb5d0e8"}, {"key": "title", "hash": "d7eed91b598220656167f7236fe34301"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "ec98052140beb6f8567ca6db3dffd0790f56166ee693211262e8c76171094c9a", "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1339.NASL", "OPENSUSE-2021-1350.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "kaspersky", "idList": ["KLA12298", "KLA12299"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-15T07:28:48", "rev": 2}, "exploitation": {"wildExploited": true, "wildExploitedSources": [{"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}], "modified": "2021-10-15T07:28:48"}, "score": {"value": 3.6, "vector": "NONE", "modified": "2021-10-15T07:28:48", "rev": 2}}, "objectVersion": "1.6", "cpe": ["cpe:/o:fedoraproject:fedora:33"], "affectedSoftware": [{"cpeName": "google:chrome", "name": "google chrome", "operator": "lt", "version": "94.0.4606.61"}, {"cpeName": "fedoraproject:fedora", "name": "fedoraproject fedora", "operator": "eq", "version": "33"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:google:chrome:94.0.4606.61:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "94.0.4606.61", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html", "refsource": "MISC", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html"}, {"name": "FEDORA-2021-ab09a05562", "refsource": "FEDORA", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/"}, {"name": "https://crbug.com/1251727", "refsource": "MISC", "tags": ["Vendor Advisory", "Permissions Required"], "url": "https://crbug.com/1251727"}], "cpe23": ["cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"], "cwe": ["CWE-416"], "scheme": null}], "ubuntucve": [{"id": "UB:CVE-2021-37973", "hash": "555d42481484006d7536db256682ac39", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2021-37973", "description": "Use after free in Portals.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[amurray](<https://launchpad.net/~amurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap \n[sbeattie](<https://launchpad.net/~sbeattie>) | active exploitation in the wild\n", "published": "2021-09-28T00:00:00", "modified": "2021-09-28T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2021-37973", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-37973", "https://launchpad.net/bugs/cve/CVE-2021-37973", "https://security-tracker.debian.org/tracker/CVE-2021-37973"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-15T21:22:58", "history": [{"bulletin": {"id": "UB:CVE-2021-37973", "hash": "7fc38b3f685d336bb63de3eabaaa5141", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2021-37973", "description": "Use after free in Portals.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[amurray](<https://launchpad.net/~amurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap \n[sbeattie](<https://launchpad.net/~sbeattie>) | active exploitation in the wild\n", "published": "2021-09-28T00:00:00", "modified": "2021-09-28T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2021-37973", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-37973", "https://launchpad.net/bugs/cve/CVE-2021-37973", "https://security-tracker.debian.org/tracker/CVE-2021-37973"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-29T21:20:37", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD"]}], "modified": "2021-09-29T21:20:37", "rev": 2}, "score": {"value": 2.9, "vector": "NONE", "modified": "2021-09-29T21:20:37", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "94.0.4606.61", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "chromium-browser"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "chromium-browser"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "chromium-browser"}], "bugs": []}, "lastseen": "2021-09-29T21:20:37", "differentElements": ["affectedPackage"], "edition": 1}, {"bulletin": {"id": "UB:CVE-2021-37973", "hash": "9080c6b1bcbdc502e5306263d9fe5ee9", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2021-37973", "description": "Use after free in Portals.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[amurray](<https://launchpad.net/~amurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap \n[sbeattie](<https://launchpad.net/~sbeattie>) | active exploitation in the wild\n", "published": "2021-09-28T00:00:00", "modified": "2021-09-28T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2021-37973", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-37973", "https://launchpad.net/bugs/cve/CVE-2021-37973", "https://security-tracker.debian.org/tracker/CVE-2021-37973"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-07T21:19:14", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "OPENSUSE-2021-1339.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "OPENSUSE-2021-1350.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-07T21:19:14", "rev": 2}, "score": {"value": 5.1, "vector": "NONE", "modified": "2021-10-07T21:19:14", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "94.0.4606.61", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "chromium-browser"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "94.0.4606.71-0ubuntu0.18.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "chromium-browser"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "chromium-browser"}], "bugs": []}, "lastseen": "2021-10-07T21:19:14", "differentElements": ["cvss"], "edition": 2}], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "kaspersky", "idList": ["KLA12298", "KLA12299"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1350.NASL", "OPENSUSE-2021-1339.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD", "FEDORA:E043930AE6E8"]}], "modified": "2021-10-15T21:22:58", "rev": 2}, "score": {"value": 5.1, "vector": "NONE", "modified": "2021-10-15T21:22:58", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "94.0.4606.61", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "chromium-browser"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "94.0.4606.71-0ubuntu0.18.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "chromium-browser"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "chromium-browser"}], "bugs": [], "_object_type": "robots.models.ubuntucve.UbuntuCVEBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.ubuntucve.UbuntuCVEBulletin"]}], "mscve": [{"id": "MS:CVE-2021-37973", "hash": "2b384b973400b5f0014ba60a573eb321", "type": "mscve", "bulletinFamily": "microsoft", "title": "Chromium: CVE-2021-37973 Use after free in Portals", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\n", "published": "2021-09-24T16:42:29", "modified": "2021-09-24T16:42:29", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-37973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-22T14:48:10", "history": [{"bulletin": {"id": "MS:CVE-2021-37973", "hash": "4cf5106baea6a141a85448c3b3918384", "type": "mscve", "bulletinFamily": "microsoft", "title": "Chromium: CVE-2021-37973 Use after free in Portals", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\n", "published": "2021-09-24T16:42:29", "modified": "2021-09-24T16:42:29", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-37973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-25T04:44:54", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535"]}], "modified": "2021-09-25T04:44:54", "rev": 2}, "score": {"value": 2.2, "vector": "NONE", "modified": "2021-09-25T04:44:54", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-37973", "msAffectedSoftware": [{"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-25T04:44:54", "differentElements": ["msAffectedSoftware"], "edition": 1}, {"bulletin": {"id": "MS:CVE-2021-37973", "hash": "1762c58e7a62826e9007ebafc5ab0e27", "type": "mscve", "bulletinFamily": "microsoft", "title": "Chromium: CVE-2021-37973 Use after free in Portals", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\n", "published": "2021-09-24T16:42:29", "modified": "2021-09-24T16:42:29", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-37973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-25T23:06:32", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535"]}], "modified": "2021-09-25T04:44:54", "rev": 2}, "score": {"value": 2.2, "vector": "NONE", "modified": "2021-09-25T04:44:54", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-37973", "msAffectedSoftware": [{"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-25T23:06:32", "differentElements": ["msAffectedSoftware"], "edition": 2}, {"bulletin": {"id": "MS:CVE-2021-37973", "hash": "4cf5106baea6a141a85448c3b3918384", "type": "mscve", "bulletinFamily": "microsoft", "title": "Chromium: CVE-2021-37973 Use after free in Portals", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\n", "published": "2021-09-24T16:42:29", "modified": "2021-09-24T16:42:29", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-37973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-26T00:42:48", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535"]}], "modified": "2021-09-25T04:44:54", "rev": 2}, "score": {"value": 2.2, "vector": "NONE", "modified": "2021-09-25T04:44:54", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-37973", "msAffectedSoftware": [{"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-26T00:42:48", "differentElements": ["msAffectedSoftware"], "edition": 3}, {"bulletin": {"id": "MS:CVE-2021-37973", "hash": "1762c58e7a62826e9007ebafc5ab0e27", "type": "mscve", "bulletinFamily": "microsoft", "title": "Chromium: CVE-2021-37973 Use after free in Portals", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\n", "published": "2021-09-24T16:42:29", "modified": "2021-09-24T16:42:29", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-37973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-26T08:43:16", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535"]}], "modified": "2021-09-25T04:44:54", "rev": 2}, "score": {"value": 2.2, "vector": "NONE", "modified": "2021-09-25T04:44:54", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-37973", "msAffectedSoftware": [{"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-26T08:43:16", "differentElements": ["msAffectedSoftware"], "edition": 4}, {"bulletin": {"id": "MS:CVE-2021-37973", "hash": "4cf5106baea6a141a85448c3b3918384", "type": "mscve", "bulletinFamily": "microsoft", "title": "Chromium: CVE-2021-37973 Use after free in Portals", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\n", "published": "2021-09-24T16:42:29", "modified": "2021-09-24T16:42:29", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-37973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-26T20:44:18", "history": [], "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535"]}], "modified": "2021-09-25T04:44:54", "rev": 2}, "score": {"value": 2.2, "vector": "NONE", "modified": "2021-09-25T04:44:54", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-37973", "msAffectedSoftware": [{"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-26T20:44:18", "differentElements": ["msAffectedSoftware"], "edition": 5}, {"bulletin": {"id": "MS:CVE-2021-37973", "hash": "1762c58e7a62826e9007ebafc5ab0e27", "type": "mscve", "bulletinFamily": "microsoft", "title": "Chromium: CVE-2021-37973 Use after free in Portals", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\n", "published": "2021-09-24T16:42:29", "modified": "2021-09-24T16:42:29", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-37973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-28T08:51:52", "history": [], "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535"]}], "modified": "2021-09-25T04:44:54", "rev": 2}, "score": {"value": 2.2, "vector": "NONE", "modified": "2021-09-25T04:44:54", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-37973", "msAffectedSoftware": [{"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-28T08:51:52", "differentElements": ["msAffectedSoftware"], "edition": 6}, {"bulletin": {"id": "MS:CVE-2021-37973", "hash": "4cf5106baea6a141a85448c3b3918384", "type": "mscve", "bulletinFamily": "microsoft", "title": "Chromium: CVE-2021-37973 Use after free in Portals", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\n", "published": "2021-09-24T16:42:29", "modified": "2021-09-24T16:42:29", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-37973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-28T10:40:26", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535"]}], "modified": "2021-09-25T04:44:54", "rev": 2}, "score": {"value": 2.2, "vector": "NONE", "modified": "2021-09-25T04:44:54", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-37973", "msAffectedSoftware": [{"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-28T10:40:26", "differentElements": ["msAffectedSoftware"], "edition": 7}, {"bulletin": {"id": "MS:CVE-2021-37973", "hash": "1762c58e7a62826e9007ebafc5ab0e27", "type": "mscve", "bulletinFamily": "microsoft", "title": "Chromium: CVE-2021-37973 Use after free in Portals", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\n", "published": "2021-09-24T16:42:29", "modified": "2021-09-24T16:42:29", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-37973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-29T08:46:30", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535"]}], "modified": "2021-09-25T04:44:54", "rev": 2}, "score": {"value": 2.2, "vector": "NONE", "modified": "2021-09-25T04:44:54", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-37973", "msAffectedSoftware": [{"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-29T08:46:30", "differentElements": ["msAffectedSoftware"], "edition": 8}, {"bulletin": {"id": "MS:CVE-2021-37973", "hash": "4cf5106baea6a141a85448c3b3918384", "type": "mscve", "bulletinFamily": "microsoft", "title": "Chromium: CVE-2021-37973 Use after free in Portals", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\n", "published": "2021-09-24T16:42:29", "modified": "2021-09-24T16:42:29", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-37973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-29T10:42:08", "history": [], "viewCount": 9, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535"]}], "modified": "2021-09-25T04:44:54", "rev": 2}, "score": {"value": 2.2, "vector": "NONE", "modified": "2021-09-25T04:44:54", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-37973", "msAffectedSoftware": [{"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-29T10:42:08", "differentElements": ["msAffectedSoftware"], "edition": 9}, {"bulletin": {"id": "MS:CVE-2021-37973", "hash": "1762c58e7a62826e9007ebafc5ab0e27", "type": "mscve", "bulletinFamily": "microsoft", "title": "Chromium: CVE-2021-37973 Use after free in Portals", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\n", "published": "2021-09-24T16:42:29", "modified": "2021-09-24T16:42:29", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-37973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-30T06:45:54", "history": [], "viewCount": 17, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535"]}], "modified": "2021-09-30T06:45:54", "rev": 2}, "score": {"value": 2.5, "vector": "NONE", "modified": "2021-09-30T06:45:54", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-37973", "msAffectedSoftware": [{"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-30T06:45:54", "differentElements": ["msAffectedSoftware"], "edition": 10}, {"bulletin": {"id": "MS:CVE-2021-37973", "hash": "4cf5106baea6a141a85448c3b3918384", "type": "mscve", "bulletinFamily": "microsoft", "title": "Chromium: CVE-2021-37973 Use after free in Portals", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\n", "published": "2021-09-24T16:42:29", "modified": "2021-09-24T16:42:29", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-37973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-30T20:43:43", "history": [], "viewCount": 20, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535"]}], "modified": "2021-09-30T06:45:54", "rev": 2}, "score": {"value": 2.5, "vector": "NONE", "modified": "2021-09-30T06:45:54", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-37973", "msAffectedSoftware": [{"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-09-30T20:43:43", "differentElements": ["msAffectedSoftware"], "edition": 11}, {"bulletin": {"id": "MS:CVE-2021-37973", "hash": "1762c58e7a62826e9007ebafc5ab0e27", "type": "mscve", "bulletinFamily": "microsoft", "title": "Chromium: CVE-2021-37973 Use after free in Portals", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\n", "published": "2021-09-24T16:42:29", "modified": "2021-09-24T16:42:29", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-37973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-01T06:42:27", "history": [], "viewCount": 21, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535"]}], "modified": "2021-09-30T06:45:54", "rev": 2}, "score": {"value": 2.5, "vector": "NONE", "modified": "2021-09-30T06:45:54", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-37973", "msAffectedSoftware": [{"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-10-01T06:42:27", "differentElements": ["msAffectedSoftware"], "edition": 12}, {"bulletin": {"id": "MS:CVE-2021-37973", "hash": "4cf5106baea6a141a85448c3b3918384", "type": "mscve", "bulletinFamily": "microsoft", "title": "Chromium: CVE-2021-37973 Use after free in Portals", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\n", "published": "2021-09-24T16:42:29", "modified": "2021-09-24T16:42:29", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-37973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-01T09:05:24", "history": [], "viewCount": 23, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535"]}], "modified": "2021-09-30T06:45:54", "rev": 2}, "score": {"value": 2.5, "vector": "NONE", "modified": "2021-09-30T06:45:54", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-37973", "msAffectedSoftware": [{"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-10-01T09:05:24", "differentElements": ["msAffectedSoftware"], "edition": 13}, {"bulletin": {"id": "MS:CVE-2021-37973", "hash": "1762c58e7a62826e9007ebafc5ab0e27", "type": "mscve", "bulletinFamily": "microsoft", "title": "Chromium: CVE-2021-37973 Use after free in Portals", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\n", "published": "2021-09-24T16:42:29", "modified": "2021-09-24T16:42:29", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-37973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-01T12:42:32", "history": [], "viewCount": 32, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "nessus", "idList": ["MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-01T12:42:32", "rev": 2}, "score": {"value": 2.4, "vector": "NONE", "modified": "2021-10-01T12:42:32", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-37973", "msAffectedSoftware": [{"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {}}, "lastseen": "2021-10-01T12:42:32", "differentElements": ["msAffectedSoftware", "vendorCvss"], "edition": 14}, {"bulletin": {"id": "MS:CVE-2021-37973", "hash": "5fcaaefa53a288c1ebd89a18e6434837", "type": "mscve", "bulletinFamily": "microsoft", "title": "Chromium: CVE-2021-37973 Use after free in Portals", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\n", "published": "2021-09-24T16:42:29", "modified": "2021-09-24T16:42:29", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-37973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-04T22:43:16", "history": [], "viewCount": 32, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-04T22:43:16", "rev": 2}, "score": {"value": 2.4, "vector": "NONE", "modified": "2021-10-04T22:43:16", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-37973", "msAffectedSoftware": [{"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {"baseScore": "", "temporalScore": "", "vectorString": ""}}, "lastseen": "2021-10-04T22:43:16", "differentElements": ["msAffectedSoftware"], "edition": 15}, {"bulletin": {"id": "MS:CVE-2021-37973", "hash": "3e601ce80f49b10dfb490ce9a47f4a3e", "type": "mscve", "bulletinFamily": "microsoft", "title": "Chromium: CVE-2021-37973 Use after free in Portals", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\n", "published": "2021-09-24T16:42:29", "modified": "2021-09-24T16:42:29", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-37973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-06T08:41:33", "history": [], "viewCount": 32, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-04T22:43:16", "rev": 2}, "score": {"value": 2.4, "vector": "NONE", "modified": "2021-10-04T22:43:16", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-37973", "msAffectedSoftware": [{"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}, {"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {"baseScore": "", "temporalScore": "", "vectorString": ""}}, "lastseen": "2021-10-06T08:41:33", "differentElements": ["msAffectedSoftware"], "edition": 16}, {"bulletin": {"id": "MS:CVE-2021-37973", "hash": "5fcaaefa53a288c1ebd89a18e6434837", "type": "mscve", "bulletinFamily": "microsoft", "title": "Chromium: CVE-2021-37973 Use after free in Portals", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\n", "published": "2021-09-24T16:42:29", "modified": "2021-09-24T16:42:29", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-37973", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-06T10:45:56", "history": [], "viewCount": 32, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "OPENSUSE-2021-1339.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "OPENSUSE-2021-1350.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-06T10:45:56", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-10-06T10:45:56", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-37973", "msAffectedSoftware": [{"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {"baseScore": "", "temporalScore": "", "vectorString": ""}}, "lastseen": "2021-10-06T10:45:56", "differentElements": ["cvss"], "edition": 17}], "viewCount": 32, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "kaspersky", "idList": ["KLA12298", "KLA12299"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1350.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "OPENSUSE-2021-1339.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1350-1", "OPENSUSE-SU-2021:1339-1"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD", "FEDORA:E043930AE6E8"]}], "modified": "2021-10-22T14:48:10", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-10-22T14:48:10", "rev": 2}}, "objectVersion": "1.6", "kbList": ["KBRelease Notes"], "msrc": "", "mscve": "CVE-2021-37973", "msAffectedSoftware": [{"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "KBRelease Notes", "msplatform": ""}], "vendorCvss": {"baseScore": "", "temporalScore": "", "vectorString": ""}, "_object_type": "robots.models.mscve.MsCveBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.mscve.MsCveBulletin"]}], "hivepro": [{"id": "HIVEPRO:F243DF43F7B996BA4E54A801D8E23724", "hash": "0389758bc03deb88887777e5cf475141", "type": "hivepro", "bulletinFamily": "info", "title": "Chrome\u2019s eleventh zero-day vulnerability for the year 2021 has been patched", "description": "#### THREAT LEVEL: Amber.\n\nFor a detailed advisory, [download the pdf file here.](<https://www.hivepro.com/wp-content/uploads/2021/09/TA202138.pdf>)\n\nA vulnerability in Chrome and Microsoft edge(Chromium based) exists as a result of a use-after-free issue when processing HTML data in Google Chrome&#x27;s Portals component. A remote attacker can create a specially designed site, fool the victim into visiting it, trigger a use-after-free error, and execute arbitrary code on the machine. This vulnerability has also been exploited in the wild. Google has issued an emergency update (94.0.4606.61) addressing the problem.\n\n#### Vulnerability Details\n\n#### \n\n**CVE ID** | **Affected Products** | **Affected CPE** | **Vulnerability Name** | **CWE ID** \n---|---|---|---|--- \nCVE-2021-37973 | Google Chrome up to 93.0.4577.82, Microsoft Edge (Chromium-based) up to 93.0.961.52 | cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*, \ncpe:2.3:a:microsoft:microsoft_edge_\\\\(chromium-based\\\\):*:*:*:*:*::*:* | Use after free in Portals. | CWE-416 \n \n#### Patch Link\n\n<https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html>\n\n#### References\n\n<https://www.bleepingcomputer.com/news/security/emergency-google-chrome-update-fixes-zero-day-exploited-in-the-wild/>\n\n<https://www.cybersecurity-help.cz/vdb/SB2021092428>", "published": "2021-09-26T08:02:45", "modified": "2021-09-26T08:02:45", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.hivepro.com/chromes-eleventh-zero-day-vulnerability-for-the-year-2021-has-been-patched/", "reporter": "Hive Pro", "references": [], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-15T09:19:39", "history": [{"bulletin": {"id": "HIVEPRO:F243DF43F7B996BA4E54A801D8E23724", "hash": "acd7dd70381202f4cd2593e5ddca0522", "type": "hivepro", "bulletinFamily": "info", "title": "Chrome\u2019s eleventh zero-day vulnerability for the year 2021 has been patched", "description": "#### THREAT LEVEL: Amber.\n\nFor a detailed advisory, [download the pdf file here.](<https://www.hivepro.com/wp-content/uploads/2021/09/TA202138.pdf>)\n\nA vulnerability in Chrome and Microsoft edge(Chromium based) exists as a result of a use-after-free issue when processing HTML data in Google Chrome&#x27;s Portals component. A remote attacker can create a specially designed site, fool the victim into visiting it, trigger a use-after-free error, and execute arbitrary code on the machine. This vulnerability has also been exploited in the wild. Google has issued an emergency update (94.0.4606.61) addressing the problem.\n\n#### Vulnerability Details\n\n#### \n\n**CVE ID** | **Affected Products** | **Affected CPE** | **Vulnerability Name** | **CWE ID** \n---|---|---|---|--- \nCVE-2021-37973 | Google Chrome up to 93.0.4577.82, Microsoft Edge (Chromium-based) up to 93.0.961.52 | cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*, \ncpe:2.3:a:microsoft:microsoft_edge_\\\\(chromium-based\\\\):*:*:*:*:*::*:* | Use after free in Portals. | CWE-416 \n \n#### Patch Link\n\n<https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html>\n\n#### References\n\n<https://www.bleepingcomputer.com/news/security/emergency-google-chrome-update-fixes-zero-day-exploited-in-the-wild/>\n\n<https://www.cybersecurity-help.cz/vdb/SB2021092428>", "published": "2021-09-26T08:02:45", "modified": "2021-09-26T08:02:45", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.hivepro.com/chromes-eleventh-zero-day-vulnerability-for-the-year-2021-has-been-patched/", "reporter": "Hive Pro", "references": [], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-26T09:19:08", "history": [], "viewCount": 17, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "OPENSUSE-2021-1339.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "OPENSUSE-2021-1350.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:4CD8430AA7AD"]}], "modified": "2021-09-26T09:19:08", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2021-09-26T09:19:08", "rev": 2}}, "objectVersion": "1.6"}, "lastseen": "2021-09-26T09:19:08", "differentElements": ["cvss"], "edition": 1}], "viewCount": 17, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1339.NASL", "OPENSUSE-2021-1350.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "kaspersky", "idList": ["KLA12298", "KLA12299"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-15T09:19:39", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2021-10-15T09:19:39", "rev": 2}}, "objectVersion": "1.6", "_object_type": "robots.models.rss.RssBulletin", "_object_types": ["robots.models.rss.RssBulletin", "robots.models.base.Bulletin"]}], "kaspersky": [{"id": "KLA12298", "hash": "6d9c07dbb861731ded2e40f73957b710", "type": "kaspersky", "bulletinFamily": "info", "title": "KLA12298 Use after free vulnerability in Google Chrome", "description": "### *Detect date*:\n09/24/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nUse after free vulnerability was found in Google Chrome. Malicious users can exploit this vulnerability to execute arbitrary code, cause denial of service.\n\n### *Affected products*:\nGoogle Chrome earlier than 94.0.4606.61\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2021-37973](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973>)0.0Unknown", "published": "2021-09-24T00:00:00", "modified": "2021-09-30T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA12298/", "reporter": "Kaspersky Lab", "references": ["https://www.google.com/chrome/", "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html", "https://threats.kaspersky.com/en/product/Google-Chrome/", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://statistics.securelist.com/vulnerability-scan/month"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-15T08:56:12", "history": [{"bulletin": {"id": "KLA12298", "hash": "f9d37e79b4281d79d50e2c4174e96a2d", "type": "kaspersky", "bulletinFamily": "info", "title": "KLA12298 Use after free vulnerability in Google Chrome", "description": "### *Detect date*:\n09/24/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nUse after free vulnerability was found in Google Chrome. Malicious users can exploit this vulnerability to execute arbitrary code, cause denial of service.\n\n### *Affected products*:\nGoogle Chrome earlier than 94.0.4606.61\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2021-37973](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973>)0.0Unknown", "published": "2021-09-24T00:00:00", "modified": "2021-09-30T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA12298/", "reporter": "Kaspersky Lab", "references": ["https://www.google.com/chrome/", "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html", "https://threats.kaspersky.com/en/product/Google-Chrome/", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://statistics.securelist.com/vulnerability-scan/month"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-30T09:02:54", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "OPENSUSE-2021-1339.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "OPENSUSE-2021-1350.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "kaspersky", "idList": ["KLA12299"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:4CD8430AA7AD"]}], "modified": "2021-09-30T09:02:54", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-30T09:02:54", "rev": 2}}, "objectVersion": "1.6"}, "lastseen": "2021-09-30T09:02:54", "differentElements": ["cvss"], "edition": 1}], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1339.NASL", "OPENSUSE-2021-1350.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "kaspersky", "idList": ["KLA12299"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-15T08:56:12", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-10-15T08:56:12", "rev": 2}}, "objectVersion": "1.6", "_object_type": "robots.models.kaspersky.KasperskyBulletin", "_object_types": ["robots.models.kaspersky.KasperskyBulletin", "robots.models.base.Bulletin"]}, {"id": "KLA12299", "hash": "e7441969d3052d2877cbe409a8c568f8", "type": "kaspersky", "bulletinFamily": "info", "title": "KLA12299 Multiple vulnerabilities in Microsoft Browser", "description": "### *Detect date*:\n09/24/2021\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, spoof user interface.\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-37961](<https://nvd.nist.gov/vuln/detail/CVE-2021-37961>) \n[CVE-2021-37962](<https://nvd.nist.gov/vuln/detail/CVE-2021-37962>) \n[CVE-2021-37968](<https://nvd.nist.gov/vuln/detail/CVE-2021-37968>) \n[CVE-2021-37969](<https://nvd.nist.gov/vuln/detail/CVE-2021-37969>) \n[CVE-2021-37963](<https://nvd.nist.gov/vuln/detail/CVE-2021-37963>) \n[CVE-2021-37967](<https://nvd.nist.gov/vuln/detail/CVE-2021-37967>) \n[CVE-2021-37958](<https://nvd.nist.gov/vuln/detail/CVE-2021-37958>) \n[CVE-2021-37965](<https://nvd.nist.gov/vuln/detail/CVE-2021-37965>) \n[CVE-2021-37970](<https://nvd.nist.gov/vuln/detail/CVE-2021-37970>) \n[CVE-2021-37959](<https://nvd.nist.gov/vuln/detail/CVE-2021-37959>) \n[CVE-2021-37956](<https://nvd.nist.gov/vuln/detail/CVE-2021-37956>) \n[CVE-2021-37973](<https://nvd.nist.gov/vuln/detail/CVE-2021-37973>) \n[CVE-2021-37972](<https://nvd.nist.gov/vuln/detail/CVE-2021-37972>) \n[CVE-2021-37966](<https://nvd.nist.gov/vuln/detail/CVE-2021-37966>) \n[CVE-2021-37971](<https://nvd.nist.gov/vuln/detail/CVE-2021-37971>) \n[CVE-2021-37960](<https://nvd.nist.gov/vuln/detail/CVE-2021-37960>) \n[CVE-2021-37957](<https://nvd.nist.gov/vuln/detail/CVE-2021-37957>) \n[CVE-2021-37964](<https://nvd.nist.gov/vuln/detail/CVE-2021-37964>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2021-37959](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37959>)0.0Unknown \n[CVE-2021-37972](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37972>)0.0Unknown \n[CVE-2021-37965](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37965>)0.0Unknown \n[CVE-2021-37971](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37971>)0.0Unknown \n[CVE-2021-37966](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37966>)0.0Unknown \n[CVE-2021-37963](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37963>)0.0Unknown \n[CVE-2021-37958](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37958>)0.0Unknown \n[CVE-2021-37962](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37962>)0.0Unknown \n[CVE-2021-37964](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37964>)0.0Unknown \n[CVE-2021-37969](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37969>)0.0Unknown \n[CVE-2021-37970](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37970>)0.0Unknown \n[CVE-2021-37967](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37967>)0.0Unknown \n[CVE-2021-37956](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37956>)0.0Unknown \n[CVE-2021-37961](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37961>)0.0Unknown \n[CVE-2021-37968](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37968>)0.0Unknown \n[CVE-2021-37957](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37957>)0.0Unknown \n[CVE-2021-37960](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37960>)0.0Unknown \n[CVE-2021-37973](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973>)0.0Unknown", "published": "2021-09-24T00:00:00", "modified": "2021-09-30T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA12299/", "reporter": "Kaspersky Lab", "references": ["https://nvd.nist.gov/vuln/detail/CVE-2021-37961", "https://nvd.nist.gov/vuln/detail/CVE-2021-37962", "https://nvd.nist.gov/vuln/detail/CVE-2021-37968", "https://nvd.nist.gov/vuln/detail/CVE-2021-37969", "https://nvd.nist.gov/vuln/detail/CVE-2021-37963", "https://nvd.nist.gov/vuln/detail/CVE-2021-37967", "https://nvd.nist.gov/vuln/detail/CVE-2021-37958", "https://nvd.nist.gov/vuln/detail/CVE-2021-37965", "https://nvd.nist.gov/vuln/detail/CVE-2021-37970", "https://nvd.nist.gov/vuln/detail/CVE-2021-37959", "https://nvd.nist.gov/vuln/detail/CVE-2021-37956", "https://nvd.nist.gov/vuln/detail/CVE-2021-37973", "https://nvd.nist.gov/vuln/detail/CVE-2021-37972", "https://nvd.nist.gov/vuln/detail/CVE-2021-37966", "https://nvd.nist.gov/vuln/detail/CVE-2021-37971", "https://nvd.nist.gov/vuln/detail/CVE-2021-37960", "https://nvd.nist.gov/vuln/detail/CVE-2021-37957", "https://nvd.nist.gov/vuln/detail/CVE-2021-37964", "https://threats.kaspersky.com/en/product/Microsoft-Edge/", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37959", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37972", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37965", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37971", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37966", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37963", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37958", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37962", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37964", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37969", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37970", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37967", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37956", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37968", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37957", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37960", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://statistics.securelist.com/vulnerability-scan/month"], "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-13T12:53:13", "history": [{"bulletin": {"id": "KLA12299", "hash": "a5d308ff730ad6f4c68f74331fe94ed0", "type": "kaspersky", "bulletinFamily": "info", "title": "KLA12299 Multiple vulnerabilities in Microsoft Browser", "description": "### *Detect date*:\n09/24/2021\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, spoof user interface.\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-37961](<https://nvd.nist.gov/vuln/detail/CVE-2021-37961>) \n[CVE-2021-37962](<https://nvd.nist.gov/vuln/detail/CVE-2021-37962>) \n[CVE-2021-37968](<https://nvd.nist.gov/vuln/detail/CVE-2021-37968>) \n[CVE-2021-37969](<https://nvd.nist.gov/vuln/detail/CVE-2021-37969>) \n[CVE-2021-37963](<https://nvd.nist.gov/vuln/detail/CVE-2021-37963>) \n[CVE-2021-37967](<https://nvd.nist.gov/vuln/detail/CVE-2021-37967>) \n[CVE-2021-37958](<https://nvd.nist.gov/vuln/detail/CVE-2021-37958>) \n[CVE-2021-37965](<https://nvd.nist.gov/vuln/detail/CVE-2021-37965>) \n[CVE-2021-37970](<https://nvd.nist.gov/vuln/detail/CVE-2021-37970>) \n[CVE-2021-37959](<https://nvd.nist.gov/vuln/detail/CVE-2021-37959>) \n[CVE-2021-37956](<https://nvd.nist.gov/vuln/detail/CVE-2021-37956>) \n[CVE-2021-37973](<https://nvd.nist.gov/vuln/detail/CVE-2021-37973>) \n[CVE-2021-37972](<https://nvd.nist.gov/vuln/detail/CVE-2021-37972>) \n[CVE-2021-37966](<https://nvd.nist.gov/vuln/detail/CVE-2021-37966>) \n[CVE-2021-37971](<https://nvd.nist.gov/vuln/detail/CVE-2021-37971>) \n[CVE-2021-37960](<https://nvd.nist.gov/vuln/detail/CVE-2021-37960>) \n[CVE-2021-37957](<https://nvd.nist.gov/vuln/detail/CVE-2021-37957>) \n[CVE-2021-37964](<https://nvd.nist.gov/vuln/detail/CVE-2021-37964>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2021-37959](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37959>)0.0Unknown \n[CVE-2021-37972](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37972>)0.0Unknown \n[CVE-2021-37965](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37965>)0.0Unknown \n[CVE-2021-37971](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37971>)0.0Unknown \n[CVE-2021-37966](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37966>)0.0Unknown \n[CVE-2021-37963](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37963>)0.0Unknown \n[CVE-2021-37958](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37958>)0.0Unknown \n[CVE-2021-37962](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37962>)0.0Unknown \n[CVE-2021-37964](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37964>)0.0Unknown \n[CVE-2021-37969](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37969>)0.0Unknown \n[CVE-2021-37970](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37970>)0.0Unknown \n[CVE-2021-37967](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37967>)0.0Unknown \n[CVE-2021-37956](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37956>)0.0Unknown \n[CVE-2021-37961](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37961>)0.0Unknown \n[CVE-2021-37968](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37968>)0.0Unknown \n[CVE-2021-37957](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37957>)0.0Unknown \n[CVE-2021-37960](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37960>)0.0Unknown \n[CVE-2021-37973](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973>)0.0Unknown", "published": "2021-09-24T00:00:00", "modified": "2021-09-30T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA12299/", "reporter": "Kaspersky Lab", "references": ["https://nvd.nist.gov/vuln/detail/CVE-2021-37961", "https://nvd.nist.gov/vuln/detail/CVE-2021-37962", "https://nvd.nist.gov/vuln/detail/CVE-2021-37968", "https://nvd.nist.gov/vuln/detail/CVE-2021-37969", "https://nvd.nist.gov/vuln/detail/CVE-2021-37963", "https://nvd.nist.gov/vuln/detail/CVE-2021-37967", "https://nvd.nist.gov/vuln/detail/CVE-2021-37958", "https://nvd.nist.gov/vuln/detail/CVE-2021-37965", "https://nvd.nist.gov/vuln/detail/CVE-2021-37970", "https://nvd.nist.gov/vuln/detail/CVE-2021-37959", "https://nvd.nist.gov/vuln/detail/CVE-2021-37956", "https://nvd.nist.gov/vuln/detail/CVE-2021-37973", "https://nvd.nist.gov/vuln/detail/CVE-2021-37972", "https://nvd.nist.gov/vuln/detail/CVE-2021-37966", "https://nvd.nist.gov/vuln/detail/CVE-2021-37971", "https://nvd.nist.gov/vuln/detail/CVE-2021-37960", "https://nvd.nist.gov/vuln/detail/CVE-2021-37957", "https://nvd.nist.gov/vuln/detail/CVE-2021-37964", "https://threats.kaspersky.com/en/product/Microsoft-Edge/", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37959", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37972", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37965", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37971", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37966", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37963", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37958", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37962", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37964", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37969", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37970", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37967", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37956", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37968", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37957", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37960", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://statistics.securelist.com/vulnerability-scan/month"], "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-30T09:02:54", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "kaspersky", "idList": ["KLA12298", "KLA12294"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1339.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "701368.PASL", "GOOGLE_CHROME_94_0_4606_54.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "FREEBSD_PKG_3551E1061B1711ECA8A7704D7B472482.NASL"]}, {"type": "freebsd", "idList": ["3551E106-1B17-11EC-A8A7-704D7B472482", "B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1350-1", "OPENSUSE-SU-2021:1339-1"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD", "FEDORA:B97503020A86", "FEDORA:1C5A430C4EB3", "FEDORA:E043930AE6E8"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37957", "UB:CVE-2021-37961", "UB:CVE-2021-37966", "UB:CVE-2021-37958", "UB:CVE-2021-37971", "UB:CVE-2021-37956", "UB:CVE-2021-37973", "UB:CVE-2021-37964", "UB:CVE-2021-37965", "UB:CVE-2021-37962", "UB:CVE-2021-37970", "UB:CVE-2021-37963", "UB:CVE-2021-37969", "UB:CVE-2021-37967", "UB:CVE-2021-37968", "UB:CVE-2021-37972", "UB:CVE-2021-37959", "UB:CVE-2021-37960"]}, {"type": "cve", "idList": ["CVE-2021-37961", "CVE-2021-37956", "CVE-2021-37968", "CVE-2021-37971", "CVE-2021-37958", "CVE-2021-37965", "CVE-2021-37972", "CVE-2021-37959", "CVE-2021-37962", "CVE-2021-37969", "CVE-2021-37957", "CVE-2021-37973", "CVE-2021-37963", "CVE-2021-37966", "CVE-2021-37964", "CVE-2021-37970", "CVE-2021-37967"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-37972"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37963", "MS:CVE-2021-37973", "MS:CVE-2021-37957", "MS:CVE-2021-37968", "MS:CVE-2021-37970", "MS:CVE-2021-37964", "MS:CVE-2021-37971", "MS:CVE-2021-37972", "MS:CVE-2021-37958", "MS:CVE-2021-37959", "MS:CVE-2021-37969", "MS:CVE-2021-37967", "MS:CVE-2021-37960", "MS:CVE-2021-37961", "MS:CVE-2021-37966", "MS:CVE-2021-37962", "MS:CVE-2021-37956", "MS:CVE-2021-37965"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "thn", "idList": ["THN:50D7C51FE6D69FC5DB5B37402AD0E412", "THN:6A9CD6F085628D08978727C0FF597535"]}], "modified": "2021-09-30T09:02:54", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2021-09-30T09:02:54", "rev": 2}}, "objectVersion": "1.6"}, "lastseen": "2021-09-30T09:02:54", "differentElements": ["cvss"], "edition": 1}], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "kaspersky", "idList": ["KLA12294", "KLA12298"]}, {"type": "nessus", "idList": ["GOOGLE_CHROME_94_0_4606_54.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "OPENSUSE-2021-1339.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "FREEBSD_PKG_3551E1061B1711ECA8A7704D7B472482.NASL", "701368.PASL", "OPENSUSE-2021-1350.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482", "3551E106-1B17-11EC-A8A7-704D7B472482"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:1C5A430C4EB3", "FEDORA:B97503020A86", "FEDORA:4CD8430AA7AD"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37960", "UB:CVE-2021-37971", "UB:CVE-2021-37959", "UB:CVE-2021-37967", "UB:CVE-2021-37965", "UB:CVE-2021-37963", "UB:CVE-2021-37957", "UB:CVE-2021-37958", "UB:CVE-2021-37961", "UB:CVE-2021-37972", "UB:CVE-2021-37964", "UB:CVE-2021-37969", "UB:CVE-2021-37968", "UB:CVE-2021-37966", "UB:CVE-2021-37956", "UB:CVE-2021-37962", "UB:CVE-2021-37973", "UB:CVE-2021-37970"]}, {"type": "cve", "idList": ["CVE-2021-37966", "CVE-2021-37959", "CVE-2021-37957", "CVE-2021-37962", "CVE-2021-37970", "CVE-2021-37958", "CVE-2021-37967", "CVE-2021-37973", "CVE-2021-37963", "CVE-2021-37961", "CVE-2021-37956", "CVE-2021-37965", "CVE-2021-37971", "CVE-2021-37964", "CVE-2021-37972", "CVE-2021-37968", "CVE-2021-37969"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-37972"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37956", "MS:CVE-2021-37972", "MS:CVE-2021-37961", "MS:CVE-2021-37970", "MS:CVE-2021-37969", "MS:CVE-2021-37973", "MS:CVE-2021-37959", "MS:CVE-2021-37958", "MS:CVE-2021-37962", "MS:CVE-2021-37957", "MS:CVE-2021-37963", "MS:CVE-2021-37971", "MS:CVE-2021-37960", "MS:CVE-2021-37964", "MS:CVE-2021-37968", "MS:CVE-2021-37967", "MS:CVE-2021-37966", "MS:CVE-2021-37965"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}], "modified": "2021-10-13T12:53:13", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2021-10-13T12:53:13", "rev": 2}}, "objectVersion": "1.6", "_object_type": "robots.models.kaspersky.KasperskyBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.kaspersky.KasperskyBulletin"]}], "freebsd": [{"id": "B6C875F1-1D76-11EC-AE80-704D7B472482", "bulletinFamily": "unix", "title": "chromium -- use after free in Portals", "description": "\nChrome Releases reports:\n\n][1251727] High CVE-2021-37973 : Use after free in Portals.\n\t Reported by Clement Lecigne from Google TAG, with technical\n\t assistance from Sergei Glazunov and Mark Brand from Google Project\n\t Zero on 2021-09-21\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\n\n", "published": "2021-09-24T00:00:00", "modified": "2021-09-24T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://vuxml.freebsd.org/freebsd/b6c875f1-1d76-11ec-ae80-704d7b472482.html", "reporter": "FreeBSD", "references": ["https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "type": "freebsd", "lastseen": "2021-10-15T08:33:20", "history": [{"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "chromium", "packageVersion": "94.0.4606.61"}], "bulletinFamily": "unix", "cvelist": ["CVE-2021-37973"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "description": "\nChrome Releases reports:\n\n][1251727] High CVE-2021-37973 : Use after free in Portals.\n\t Reported by Clement Lecigne from Google TAG, with technical\n\t assistance from Sergei Glazunov and Mark Brand from Google Project\n\t Zero on 2021-09-21\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\n\n", "edition": 1, "enchantments": {"dependencies": {"modified": "2021-09-30T20:33:14", "references": [{"idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"], "type": "cisa"}, {"idList": ["KLA12298", "KLA12299"], "type": "kaspersky"}, {"idList": ["OPENSUSE-2021-1339.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "OPENSUSE-2021-1350.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"], "type": "nessus"}, {"idList": ["OPENSUSE-SU-2021:1350-1", "OPENSUSE-SU-2021:1339-1"], "type": "suse"}, {"idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"], "type": "hivepro"}, {"idList": ["CVE-2021-37973"], "type": "cve"}, {"idList": ["THN:50D7C51FE6D69FC5DB5B37402AD0E412", "THN:6A9CD6F085628D08978727C0FF597535"], "type": "thn"}, {"idList": ["MS:CVE-2021-37973"], "type": "mscve"}, {"idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"], "type": "attackerkb"}, {"idList": ["FEDORA:4CD8430AA7AD", "FEDORA:E043930AE6E8"], "type": "fedora"}, {"idList": ["UB:CVE-2021-37973"], "type": "ubuntucve"}], "rev": 2}, "score": {"modified": "2021-09-30T20:33:14", "rev": 2, "value": 5.3, "vector": "NONE"}}, "hash": "a37a4a6a0e972cab26a1463df01ae2ff1c6b5acf66bf4e59c8d0079cf386315c", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "411a9b547ed7f27ba8dfb9aa7d6d16f4", "key": "href"}, {"hash": "178b31a5d7942af49c11ebff8770904b", "key": "affectedPackage"}, {"hash": "02df48a97999ec599f45f45b588a1eda", "key": "modified"}, {"hash": "1f433a5307c3c2584e3b8e81d72850f6", "key": "references"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "0670adfb1729ca955c99f771375c8484", "key": "cvelist"}, {"hash": "f8485443df68a30a7da5031c02e67fc2", "key": "title"}, {"hash": "eb3ed0f88a6ef3d8f6e5ed142c8f9560", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "02df48a97999ec599f45f45b588a1eda", "key": "published"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/b6c875f1-1d76-11ec-ae80-704d7b472482.html", "id": "B6C875F1-1D76-11EC-AE80-704D7B472482", "immutableFields": [], "lastseen": "2021-09-30T20:33:14", "modified": "2021-09-24T00:00:00", "objectVersion": "1.6", "published": "2021-09-24T00:00:00", "references": ["https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html"], "reporter": "FreeBSD", "title": "chromium -- use after free in Portals", "type": "freebsd", "viewCount": 0}, "different_elements": ["cvss"], "edition": 1, "lastseen": "2021-09-30T20:33:14"}], "edition": 2, "hashmap": [{"key": "affectedPackage", "hash": "178b31a5d7942af49c11ebff8770904b"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "0670adfb1729ca955c99f771375c8484"}, {"key": "cvss", "hash": "4cac367be6dd8242802053610be9dee6"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "eb3ed0f88a6ef3d8f6e5ed142c8f9560"}, {"key": "href", "hash": "411a9b547ed7f27ba8dfb9aa7d6d16f4"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "02df48a97999ec599f45f45b588a1eda"}, {"key": "published", "hash": "02df48a97999ec599f45f45b588a1eda"}, {"key": "references", "hash": "1f433a5307c3c2584e3b8e81d72850f6"}, {"key": "reporter", "hash": "a3dc630729e463135f4e608954fa6e19"}, {"key": "title", "hash": "f8485443df68a30a7da5031c02e67fc2"}, {"key": "type", "hash": "1527e888767cdce15d200b870b39cfd0"}], "hash": "02f1a2d8a2415b89f2cf56270e2e079dd7b3fa899bde68bddfb1a178ee3ad3f5", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1339.NASL", "OPENSUSE-2021-1350.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "kaspersky", "idList": ["KLA12298", "KLA12299"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-15T08:33:20", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2021-10-15T08:33:20", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "chromium", "packageVersion": "94.0.4606.61"}], "scheme": null}], "nessus": [{"id": "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "hash": "18c11124fd6494b35642772957bf560f", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : chromium -- use after free in Portals (b6c875f1-1d76-11ec-ae80-704d7b472482)", "description": "Chrome Releases reports :\n\n][1251727] High CVE-2021-37973 : Use after free in Portals. Reported by Clement Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.", "published": "2021-10-01T00:00:00", "modified": "2021-10-18T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153813", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?ee1b5c1f", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "http://www.nessus.org/u?2ee78dba"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-18T23:34:52", "history": [{"bulletin": {"id": "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "hash": "9ee44ddf0537578d487cf46d3020a1fa", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : chromium -- use after free in Portals (b6c875f1-1d76-11ec-ae80-704d7b472482)", "description": "Chrome Releases reports :\n\n][1251727] High CVE-2021-37973 : Use after free in Portals. Reported by Clement Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.", "published": "2021-10-01T00:00:00", "modified": "2021-10-01T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/153813", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "http://www.nessus.org/u?2ee78dba", "http://www.nessus.org/u?ee1b5c1f"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-02T23:49:33", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1339.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "thn", "idList": ["THN:50D7C51FE6D69FC5DB5B37402AD0E412", "THN:6A9CD6F085628D08978727C0FF597535"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1350-1", "OPENSUSE-SU-2021:1339-1"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD", "FEDORA:E043930AE6E8"]}], "modified": "2021-10-02T23:49:33", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-10-02T23:49:33", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153813", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(153813);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/01\");\n\n script_cve_id(\"CVE-2021-37973\");\n\n script_name(english:\"FreeBSD : chromium -- use after free in Portals (b6c875f1-1d76-11ec-ae80-704d7b472482)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\n][1251727] High CVE-2021-37973 : Use after free in Portals. Reported\nby Clement Lecigne from Google TAG, with technical assistance from\nSergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\"\n );\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2ee78dba\"\n );\n # https://vuxml.freebsd.org/freebsd/b6c875f1-1d76-11ec-ae80-704d7b472482.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ee1b5c1f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<94.0.4606.61\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "solution": "Update the affected package.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Critical", "score": "9.6"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-02T23:49:33", "differentElements": ["cpe"], "edition": 1}, {"bulletin": {"id": "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "hash": "c52bee933b0a2c3be21a9bede687ba8f", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : chromium -- use after free in Portals (b6c875f1-1d76-11ec-ae80-704d7b472482)", "description": "Chrome Releases reports :\n\n][1251727] High CVE-2021-37973 : Use after free in Portals. Reported by Clement Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.", "published": "2021-10-01T00:00:00", "modified": "2021-10-01T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/153813", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?2ee78dba", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "http://www.nessus.org/u?ee1b5c1f"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-14T12:03:00", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "OPENSUSE-2021-1339.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "OPENSUSE-2021-1350.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-14T12:03:00", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-10-14T12:03:00", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153813", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(153813);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/01\");\n\n script_cve_id(\"CVE-2021-37973\");\n\n script_name(english:\"FreeBSD : chromium -- use after free in Portals (b6c875f1-1d76-11ec-ae80-704d7b472482)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\n][1251727] High CVE-2021-37973 : Use after free in Portals. Reported\nby Clement Lecigne from Google TAG, with technical assistance from\nSergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\"\n );\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2ee78dba\"\n );\n # https://vuxml.freebsd.org/freebsd/b6c875f1-1d76-11ec-ae80-704d7b472482.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ee1b5c1f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<94.0.4606.61\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "p-cpe:2.3:a:freebsd:freebsd:chromium:*:*:*:*:*:*:*"], "solution": "Update the affected package.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Critical", "score": "9.6"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-14T12:03:00", "differentElements": ["cvss"], "edition": 2}, {"bulletin": {"id": "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "hash": "5c3d866a4d4d26cb5450b7a5f457537f", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : chromium -- use after free in Portals (b6c875f1-1d76-11ec-ae80-704d7b472482)", "description": "Chrome Releases reports :\n\n][1251727] High CVE-2021-37973 : Use after free in Portals. Reported by Clement Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.", "published": "2021-10-01T00:00:00", "modified": "2021-10-01T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/153813", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "http://www.nessus.org/u?2ee78dba", "http://www.nessus.org/u?ee1b5c1f"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-15T11:41:13", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "nessus", "idList": ["GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "OPENSUSE-2021-1350.NASL", "OPENSUSE-2021-1339.NASL"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "kaspersky", "idList": ["KLA12298", "KLA12299"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-15T11:41:13", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-10-15T11:41:13", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153813", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(153813);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/01\");\n\n script_cve_id(\"CVE-2021-37973\");\n\n script_name(english:\"FreeBSD : chromium -- use after free in Portals (b6c875f1-1d76-11ec-ae80-704d7b472482)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\n][1251727] High CVE-2021-37973 : Use after free in Portals. Reported\nby Clement Lecigne from Google TAG, with technical assistance from\nSergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\"\n );\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2ee78dba\"\n );\n # https://vuxml.freebsd.org/freebsd/b6c875f1-1d76-11ec-ae80-704d7b472482.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ee1b5c1f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<94.0.4606.61\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "p-cpe:2.3:a:freebsd:freebsd:chromium:*:*:*:*:*:*:*"], "solution": "Update the affected package.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Critical", "score": "9.6"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-15T11:41:13", "differentElements": ["cpe"], "edition": 3}, {"bulletin": {"id": "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "hash": "e82bed55dd813de7d88605fccb77c9a1", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : chromium -- use after free in Portals (b6c875f1-1d76-11ec-ae80-704d7b472482)", "description": "Chrome Releases reports :\n\n][1251727] High CVE-2021-37973 : Use after free in Portals. Reported by Clement Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.", "published": "2021-10-01T00:00:00", "modified": "2021-10-01T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/153813", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "http://www.nessus.org/u?2ee78dba", "http://www.nessus.org/u?ee1b5c1f"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-16T11:58:40", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "nessus", "idList": ["GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "OPENSUSE-2021-1350.NASL", "OPENSUSE-2021-1339.NASL"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "kaspersky", "idList": ["KLA12298", "KLA12299"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-15T11:41:13", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-10-15T11:41:13", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153813", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(153813);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/01\");\n\n script_cve_id(\"CVE-2021-37973\");\n\n script_name(english:\"FreeBSD : chromium -- use after free in Portals (b6c875f1-1d76-11ec-ae80-704d7b472482)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\n][1251727] High CVE-2021-37973 : Use after free in Portals. Reported\nby Clement Lecigne from Google TAG, with technical assistance from\nSergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\"\n );\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2ee78dba\"\n );\n # https://vuxml.freebsd.org/freebsd/b6c875f1-1d76-11ec-ae80-704d7b472482.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ee1b5c1f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<94.0.4606.61\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "solution": "Update the affected package.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Critical", "score": "9.6"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-16T11:58:40", "differentElements": ["vpr"], "edition": 4}, {"bulletin": {"id": "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "hash": "2658e0f029abf22a5f958f23b6f2149c", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : chromium -- use after free in Portals (b6c875f1-1d76-11ec-ae80-704d7b472482)", "description": "Chrome Releases reports :\n\n][1251727] High CVE-2021-37973 : Use after free in Portals. Reported by Clement Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.", "published": "2021-10-01T00:00:00", "modified": "2021-10-01T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/153813", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?2ee78dba", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "http://www.nessus.org/u?ee1b5c1f"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-18T11:35:31", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "nessus", "idList": ["GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "OPENSUSE-2021-1350.NASL", "OPENSUSE-2021-1339.NASL"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "kaspersky", "idList": ["KLA12298", "KLA12299"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-15T11:41:13", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-10-15T11:41:13", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153813", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(153813);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/01\");\n\n script_cve_id(\"CVE-2021-37973\");\n\n script_name(english:\"FreeBSD : chromium -- use after free in Portals (b6c875f1-1d76-11ec-ae80-704d7b472482)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\n][1251727] High CVE-2021-37973 : Use after free in Portals. Reported\nby Clement Lecigne from Google TAG, with technical assistance from\nSergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\"\n );\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2ee78dba\"\n );\n # https://vuxml.freebsd.org/freebsd/b6c875f1-1d76-11ec-ae80-704d7b472482.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ee1b5c1f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<94.0.4606.61\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "solution": "Update the affected package.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Critical", "score": "10"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-18T11:35:31", "differentElements": ["cvss3", "cvssScoreSource", "exploitEase", "modified", "nessusSeverity", "sourceData"], "edition": 5}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "kaspersky", "idList": ["KLA12298", "KLA12299"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1350.NASL", "OPENSUSE-2021-1339.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-18T23:34:52", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-10-18T23:34:52", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153813", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(153813);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/18\");\n\n script_cve_id(\"CVE-2021-37973\");\n\n script_name(english:\"FreeBSD : chromium -- use after free in Portals (b6c875f1-1d76-11ec-ae80-704d7b472482)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\n][1251727] High CVE-2021-37973 : Use after free in Portals. Reported\nby Clement Lecigne from Google TAG, with technical assistance from\nSergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21\n\nGoogle is aware that an exploit for CVE-2021-37973 exists in the wild.\"\n );\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2ee78dba\"\n );\n # https://vuxml.freebsd.org/freebsd/b6c875f1-1d76-11ec-ae80-704d7b472482.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ee1b5c1f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<94.0.4606.61\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "solution": "Update the affected package.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "10"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.nessus.NessusBulletin", "robots.models.base.Bulletin"]}, {"id": "GOOGLE_CHROME_94_0_4606_61.NASL", "hash": "3f26f2d3b5b9a13acd5261c39358acf4", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 94.0.4606.61 Vulnerability", "description": "The version of Google Chrome installed on the remote Windows host is prior to 94.0.4606.61. It is, therefore, affected by a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-10-19T00:00:00", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153630", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://crbug.com/1251727", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "http://www.nessus.org/u?2ee78dba"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-22T11:33:23", "history": [{"bulletin": {"id": "GOOGLE_CHROME_94_0_4606_61.NASL", "hash": "9facc3ab86941a99db4c47ccffb68893", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 94.0.4606.61 Vulnerability", "description": "The version of Google Chrome installed on the remote Windows host is prior to 94.0.4606.61. It is, therefore, affected by a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-09-24T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153630", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?2ee78dba", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://crbug.com/1251727"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-25T11:43:08", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535"]}], "modified": "2021-09-25T11:43:08", "rev": 2}, "score": {"value": -0.0, "vector": "NONE", "modified": "2021-09-25T11:43:08", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153630", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153630);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/24\");\n\n script_cve_id(\"CVE-2021-37973\");\n\n script_name(english:\"Google Chrome < 94.0.4606.61 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 94.0.4606.61. It is, therefore, affected\nby a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory. Note that Nessus has not\ntested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ee78dba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251727\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 94.0.4606.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'94.0.4606.61', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:google:chrome"], "solution": "Upgrade to Google Chrome version 94.0.4606.61 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-09-25T11:43:08", "differentElements": ["vpr"], "edition": 1}, {"bulletin": {"id": "GOOGLE_CHROME_94_0_4606_61.NASL", "hash": "fce877ae834a32c793fd683a324e859c", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 94.0.4606.61 Vulnerability", "description": "The version of Google Chrome installed on the remote Windows host is prior to 94.0.4606.61. It is, therefore, affected by a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-09-24T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153630", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "http://www.nessus.org/u?2ee78dba", "https://crbug.com/1251727"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-26T11:54:42", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535"]}], "modified": "2021-09-25T11:43:08", "rev": 2}, "score": {"value": -0.0, "vector": "NONE", "modified": "2021-09-25T11:43:08", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153630", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153630);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/24\");\n\n script_cve_id(\"CVE-2021-37973\");\n\n script_name(english:\"Google Chrome < 94.0.4606.61 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 94.0.4606.61. It is, therefore, affected\nby a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory. Note that Nessus has not\ntested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ee78dba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251727\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 94.0.4606.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'94.0.4606.61', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:google:chrome"], "solution": "Upgrade to Google Chrome version 94.0.4606.61 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "9.2"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-09-26T11:54:42", "differentElements": ["modified", "sourceData", "vpr"], "edition": 2}, {"bulletin": {"id": "GOOGLE_CHROME_94_0_4606_61.NASL", "hash": "281cdd54930b2c1798f2a5a85ad7b877", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 94.0.4606.61 Vulnerability", "description": "The version of Google Chrome installed on the remote Windows host is prior to 94.0.4606.61. It is, therefore, affected by a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-09-27T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153630", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://crbug.com/1251727", "http://www.nessus.org/u?2ee78dba", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-28T11:47:41", "history": [], "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535"]}], "modified": "2021-09-25T11:43:08", "rev": 2}, "score": {"value": -0.0, "vector": "NONE", "modified": "2021-09-25T11:43:08", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153630", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153630);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/27\");\n\n script_cve_id(\"CVE-2021-37973\");\n\n script_name(english:\"Google Chrome < 94.0.4606.61 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 94.0.4606.61. It is, therefore, affected\nby a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory. Note that Nessus has not\ntested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ee78dba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251727\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 94.0.4606.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'94.0.4606.61', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:google:chrome"], "solution": "Upgrade to Google Chrome version 94.0.4606.61 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "9.5"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-09-28T11:47:41", "differentElements": ["modified", "sourceData", "vpr"], "edition": 3}, {"bulletin": {"id": "GOOGLE_CHROME_94_0_4606_61.NASL", "hash": "41a710a664bf0e08d5135f54d2cc5690", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 94.0.4606.61 Vulnerability", "description": "The version of Google Chrome installed on the remote Windows host is prior to 94.0.4606.61. It is, therefore, affected by a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-10-01T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153630", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?2ee78dba", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://crbug.com/1251727"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-01T23:39:07", "history": [], "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-01T23:39:07", "rev": 2}, "score": {"value": -0.0, "vector": "NONE", "modified": "2021-10-01T23:39:07", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153630", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153630);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/01\");\n\n script_cve_id(\"CVE-2021-37973\");\n script_xref(name:\"IAVA\", value:\"2021-A-0448\");\n\n script_name(english:\"Google Chrome < 94.0.4606.61 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 94.0.4606.61. It is, therefore, affected\nby a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory. Note that Nessus has not\ntested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ee78dba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251727\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 94.0.4606.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'94.0.4606.61', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:google:chrome"], "solution": "Upgrade to Google Chrome version 94.0.4606.61 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "9.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-01T23:39:07", "differentElements": ["modified", "sourceData"], "edition": 4}, {"bulletin": {"id": "GOOGLE_CHROME_94_0_4606_61.NASL", "hash": "0fdd8ffced664ab670e09513a720edb5", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 94.0.4606.61 Vulnerability", "description": "The version of Google Chrome installed on the remote Windows host is prior to 94.0.4606.61. It is, therefore, affected by a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-10-07T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153630", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?2ee78dba", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://crbug.com/1251727"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-08T11:39:45", "history": [], "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "kaspersky", "idList": ["KLA12298", "KLA12299"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD", "FEDORA:E043930AE6E8"]}], "modified": "2021-10-08T11:39:45", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-10-08T11:39:45", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153630", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153630);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/07\");\n\n script_cve_id(\"CVE-2021-37973\");\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n\n script_name(english:\"Google Chrome < 94.0.4606.61 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 94.0.4606.61. It is, therefore, affected\nby a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory. Note that Nessus has not\ntested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ee78dba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251727\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 94.0.4606.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'94.0.4606.61', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:google:chrome"], "solution": "Upgrade to Google Chrome version 94.0.4606.61 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "9.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-08T11:39:45", "differentElements": ["sourceData"], "edition": 5}, {"bulletin": {"id": "GOOGLE_CHROME_94_0_4606_61.NASL", "hash": "d97076a9108a0306c9376eb5c05f2f0a", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 94.0.4606.61 Vulnerability", "description": "The version of Google Chrome installed on the remote Windows host is prior to 94.0.4606.61. It is, therefore, affected by a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-10-07T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153630", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://crbug.com/1251727", "http://www.nessus.org/u?2ee78dba", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-12T23:36:09", "history": [], "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1339.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL"]}, {"type": "thn", "idList": ["THN:50D7C51FE6D69FC5DB5B37402AD0E412", "THN:6A9CD6F085628D08978727C0FF597535"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1350-1", "OPENSUSE-SU-2021:1339-1"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD", "FEDORA:E043930AE6E8"]}], "modified": "2021-10-12T23:36:09", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-10-12T23:36:09", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153630", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153630);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\"CVE-2021-37973\");\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n\n script_name(english:\"Google Chrome < 94.0.4606.61 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 94.0.4606.61. It is, therefore, affected\nby a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ee78dba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251727\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 94.0.4606.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'94.0.4606.61', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:google:chrome"], "solution": "Upgrade to Google Chrome version 94.0.4606.61 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "9.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-12T23:36:09", "differentElements": ["description", "modified"], "edition": 6}, {"bulletin": {"id": "GOOGLE_CHROME_94_0_4606_61.NASL", "hash": "c8a31002781107309325a9aa47028328", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 94.0.4606.61 Vulnerability", "description": "The version of Google Chrome installed on the remote Windows host is prior to 94.0.4606.61. It is, therefore, affected by a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-10-12T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153630", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?2ee78dba", "https://crbug.com/1251727", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-13T23:53:15", "history": [], "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "OPENSUSE-2021-1339.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "OPENSUSE-2021-1350.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-13T23:53:15", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2021-10-13T23:53:15", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153630", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153630);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\"CVE-2021-37973\");\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n\n script_name(english:\"Google Chrome < 94.0.4606.61 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 94.0.4606.61. It is, therefore, affected\nby a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ee78dba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251727\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 94.0.4606.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'94.0.4606.61', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:google:chrome"], "solution": "Upgrade to Google Chrome version 94.0.4606.61 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "9.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-13T23:53:15", "differentElements": ["vpr"], "edition": 7}, {"bulletin": {"id": "GOOGLE_CHROME_94_0_4606_61.NASL", "hash": "a82879017d6e6578d9b19ae0d8a62865", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 94.0.4606.61 Vulnerability", "description": "The version of Google Chrome installed on the remote Windows host is prior to 94.0.4606.61. It is, therefore, affected by a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-10-12T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153630", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://crbug.com/1251727", "http://www.nessus.org/u?2ee78dba", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-18T11:35:23", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1350.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "OPENSUSE-2021-1339.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-18T11:35:23", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2021-10-18T11:35:23", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153630", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153630);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\"CVE-2021-37973\");\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n\n script_name(english:\"Google Chrome < 94.0.4606.61 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 94.0.4606.61. It is, therefore, affected\nby a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ee78dba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251727\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 94.0.4606.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'94.0.4606.61', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:google:chrome"], "solution": "Upgrade to Google Chrome version 94.0.4606.61 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "10"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-18T11:35:23", "differentElements": ["cpe", "cvss"], "edition": 8}, {"bulletin": {"id": "GOOGLE_CHROME_94_0_4606_61.NASL", "hash": "396f733f613825fb24c9bf492c43782b", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 94.0.4606.61 Vulnerability", "description": "The version of Google Chrome installed on the remote Windows host is prior to 94.0.4606.61. It is, therefore, affected by a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-10-12T00:00:00", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153630", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://crbug.com/1251727", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "http://www.nessus.org/u?2ee78dba"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-19T23:50:05", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1350.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "OPENSUSE-2021-1339.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-18T11:35:23", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2021-10-18T11:35:23", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153630", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153630);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\"CVE-2021-37973\");\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n\n script_name(english:\"Google Chrome < 94.0.4606.61 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 94.0.4606.61. It is, therefore, affected\nby a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ee78dba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251727\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 94.0.4606.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'94.0.4606.61', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "naslFamily": "Windows", "cpe": ["cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"], "solution": "Upgrade to Google Chrome version 94.0.4606.61 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "10"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-19T23:50:05", "differentElements": ["cpe", "cvss", "cvss3", "modified", "nessusSeverity", "sourceData"], "edition": 9}, {"bulletin": {"id": "GOOGLE_CHROME_94_0_4606_61.NASL", "hash": "c7084569ff1d29022339b284c2edfbfc", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 94.0.4606.61 Vulnerability", "description": "The version of Google Chrome installed on the remote Windows host is prior to 94.0.4606.61. It is, therefore, affected by a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-10-19T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153630", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://crbug.com/1251727", "http://www.nessus.org/u?2ee78dba"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-20T12:04:03", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1350.NASL", "OPENSUSE-2021-1339.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "kaspersky", "idList": ["KLA12298", "KLA12299"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD", "FEDORA:E043930AE6E8"]}], "modified": "2021-10-20T12:04:03", "rev": 2}, "score": {"value": 5.1, "vector": "NONE", "modified": "2021-10-20T12:04:03", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153630", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153630);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/19\");\n\n script_cve_id(\"CVE-2021-37973\");\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n\n script_name(english:\"Google Chrome < 94.0.4606.61 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 94.0.4606.61. It is, therefore, affected\nby a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ee78dba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251727\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 94.0.4606.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'94.0.4606.61', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:google:chrome"], "solution": "Upgrade to Google Chrome version 94.0.4606.61 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "10"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-20T12:04:03", "differentElements": ["cpe", "cvss"], "edition": 10}], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "kaspersky", "idList": ["KLA12298", "KLA12299"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1350.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "OPENSUSE-2021-1339.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1350-1", "OPENSUSE-SU-2021:1339-1"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD", "FEDORA:E043930AE6E8"]}], "modified": "2021-10-22T11:33:23", "rev": 2}, "score": {"value": 5.1, "vector": "NONE", "modified": "2021-10-22T11:33:23", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153630", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153630);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/19\");\n\n script_cve_id(\"CVE-2021-37973\");\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n\n script_name(english:\"Google Chrome < 94.0.4606.61 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 94.0.4606.61. It is, therefore, affected\nby a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ee78dba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251727\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 94.0.4606.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'94.0.4606.61', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "naslFamily": "Windows", "cpe": ["cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"], "solution": "Upgrade to Google Chrome version 94.0.4606.61 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "10"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "hash": "58ba7ad8477a5650b58c5ca170ec73e3", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 94.0.4606.61 Vulnerability", "description": "The version of Google Chrome installed on the remote macOS host is prior to 94.0.4606.61. It is, therefore, affected by a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-10-19T00:00:00", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153631", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://crbug.com/1251727", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "http://www.nessus.org/u?2ee78dba"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-22T11:34:00", "history": [{"bulletin": {"id": "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "hash": "b758722d37eeaca8e29a3de165964dc7", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 94.0.4606.61 Vulnerability", "description": "The version of Google Chrome installed on the remote macOS host is prior to 94.0.4606.61. It is, therefore, affected by a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-09-24T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153631", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?2ee78dba", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://crbug.com/1251727"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-25T11:43:54", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535"]}], "modified": "2021-09-25T11:43:54", "rev": 2}, "score": {"value": 0.1, "vector": "NONE", "modified": "2021-09-25T11:43:54", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153631", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153631);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/24\");\n\n script_cve_id(\"CVE-2021-37973\");\n\n script_name(english:\"Google Chrome < 94.0.4606.61 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 94.0.4606.61. It is, therefore, affected by\na vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory. Note that Nessus has not\ntested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ee78dba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251727\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 94.0.4606.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'94.0.4606.61', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:/a:google:chrome"], "solution": "Upgrade to Google Chrome version 94.0.4606.61 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-09-25T11:43:54", "differentElements": ["vpr"], "edition": 1}, {"bulletin": {"id": "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "hash": "25968c6fcf8bd2b0820d83500a1a0c64", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 94.0.4606.61 Vulnerability", "description": "The version of Google Chrome installed on the remote macOS host is prior to 94.0.4606.61. It is, therefore, affected by a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-09-24T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153631", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "http://www.nessus.org/u?2ee78dba", "https://crbug.com/1251727"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-26T11:54:53", "history": [], "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535"]}], "modified": "2021-09-25T11:43:54", "rev": 2}, "score": {"value": 0.1, "vector": "NONE", "modified": "2021-09-25T11:43:54", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153631", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153631);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/24\");\n\n script_cve_id(\"CVE-2021-37973\");\n\n script_name(english:\"Google Chrome < 94.0.4606.61 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 94.0.4606.61. It is, therefore, affected by\na vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory. Note that Nessus has not\ntested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ee78dba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251727\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 94.0.4606.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'94.0.4606.61', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:/a:google:chrome"], "solution": "Upgrade to Google Chrome version 94.0.4606.61 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "9.2"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-09-26T11:54:53", "differentElements": ["modified", "sourceData", "vpr"], "edition": 2}, {"bulletin": {"id": "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "hash": "ec44484ac8d39c6dd5b0b0c825f13835", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 94.0.4606.61 Vulnerability", "description": "The version of Google Chrome installed on the remote macOS host is prior to 94.0.4606.61. It is, therefore, affected by a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-09-27T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153631", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://crbug.com/1251727", "http://www.nessus.org/u?2ee78dba", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-28T11:48:09", "history": [], "viewCount": 23, "enchantments": {"dependencies": {"references": [{"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535"]}], "modified": "2021-09-25T11:43:54", "rev": 2}, "score": {"value": 0.1, "vector": "NONE", "modified": "2021-09-25T11:43:54", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153631", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153631);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/27\");\n\n script_cve_id(\"CVE-2021-37973\");\n\n script_name(english:\"Google Chrome < 94.0.4606.61 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 94.0.4606.61. It is, therefore, affected by\na vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory. Note that Nessus has not\ntested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ee78dba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251727\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 94.0.4606.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'94.0.4606.61', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:/a:google:chrome"], "solution": "Upgrade to Google Chrome version 94.0.4606.61 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "9.5"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-09-28T11:48:09", "differentElements": ["modified", "sourceData", "vpr"], "edition": 3}, {"bulletin": {"id": "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "hash": "f84770734bc80fd60dd631b12a0bb385", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 94.0.4606.61 Vulnerability", "description": "The version of Google Chrome installed on the remote macOS host is prior to 94.0.4606.61. It is, therefore, affected by a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-10-01T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153631", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?2ee78dba", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://crbug.com/1251727"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-01T23:40:48", "history": [], "viewCount": 27, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "kaspersky", "idList": ["KLA12298", "KLA12299"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-01T23:40:48", "rev": 2}, "score": {"value": 0.2, "vector": "NONE", "modified": "2021-10-01T23:40:48", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153631", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153631);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/01\");\n\n script_cve_id(\"CVE-2021-37973\");\n script_xref(name:\"IAVA\", value:\"2021-A-0448\");\n\n script_name(english:\"Google Chrome < 94.0.4606.61 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 94.0.4606.61. It is, therefore, affected by\na vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory. Note that Nessus has not\ntested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ee78dba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251727\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 94.0.4606.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'94.0.4606.61', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:/a:google:chrome"], "solution": "Upgrade to Google Chrome version 94.0.4606.61 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "9.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-01T23:40:48", "differentElements": ["modified", "sourceData"], "edition": 4}, {"bulletin": {"id": "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "hash": "4c1541e0355a64b787db0b0edd466827", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 94.0.4606.61 Vulnerability", "description": "The version of Google Chrome installed on the remote macOS host is prior to 94.0.4606.61. It is, therefore, affected by a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-10-07T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153631", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?2ee78dba", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://crbug.com/1251727"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-08T11:40:13", "history": [], "viewCount": 28, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "kaspersky", "idList": ["KLA12298", "KLA12299"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD", "FEDORA:E043930AE6E8"]}], "modified": "2021-10-08T11:40:13", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-10-08T11:40:13", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153631", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153631);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/07\");\n\n script_cve_id(\"CVE-2021-37973\");\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n\n script_name(english:\"Google Chrome < 94.0.4606.61 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 94.0.4606.61. It is, therefore, affected by\na vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory. Note that Nessus has not\ntested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ee78dba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251727\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 94.0.4606.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'94.0.4606.61', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:/a:google:chrome"], "solution": "Upgrade to Google Chrome version 94.0.4606.61 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "9.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-08T11:40:13", "differentElements": ["sourceData"], "edition": 5}, {"bulletin": {"id": "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "hash": "2c8899591357995c9487c85550fdf81a", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 94.0.4606.61 Vulnerability", "description": "The version of Google Chrome installed on the remote macOS host is prior to 94.0.4606.61. It is, therefore, affected by a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-10-07T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153631", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://crbug.com/1251727", "http://www.nessus.org/u?2ee78dba", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-12T23:36:29", "history": [], "viewCount": 28, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1339.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "thn", "idList": ["THN:50D7C51FE6D69FC5DB5B37402AD0E412", "THN:6A9CD6F085628D08978727C0FF597535"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1350-1", "OPENSUSE-SU-2021:1339-1"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD", "FEDORA:E043930AE6E8"]}], "modified": "2021-10-12T23:36:29", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-10-12T23:36:29", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153631", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153631);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\"CVE-2021-37973\");\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n\n script_name(english:\"Google Chrome < 94.0.4606.61 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 94.0.4606.61. It is, therefore, affected by\na vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ee78dba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251727\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 94.0.4606.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'94.0.4606.61', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:/a:google:chrome"], "solution": "Upgrade to Google Chrome version 94.0.4606.61 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "9.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-12T23:36:29", "differentElements": ["description", "modified"], "edition": 6}, {"bulletin": {"id": "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "hash": "6922a33195dd2733a2ce6ed9f49e3e9b", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 94.0.4606.61 Vulnerability", "description": "The version of Google Chrome installed on the remote macOS host is prior to 94.0.4606.61. It is, therefore, affected by a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-10-12T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153631", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?2ee78dba", "https://crbug.com/1251727", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-13T23:53:01", "history": [], "viewCount": 28, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "OPENSUSE-2021-1339.NASL", "OPENSUSE-2021-1350.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-13T23:53:01", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-10-13T23:53:01", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153631", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153631);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\"CVE-2021-37973\");\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n\n script_name(english:\"Google Chrome < 94.0.4606.61 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 94.0.4606.61. It is, therefore, affected by\na vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ee78dba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251727\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 94.0.4606.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'94.0.4606.61', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:/a:google:chrome"], "solution": "Upgrade to Google Chrome version 94.0.4606.61 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "9.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-13T23:53:01", "differentElements": ["vpr"], "edition": 7}, {"bulletin": {"id": "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "hash": "1e910f1d9d65ffcdf7ee76c0ea99955a", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 94.0.4606.61 Vulnerability", "description": "The version of Google Chrome installed on the remote macOS host is prior to 94.0.4606.61. It is, therefore, affected by a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-10-12T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153631", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://crbug.com/1251727", "http://www.nessus.org/u?2ee78dba", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-18T11:35:30", "history": [], "viewCount": 28, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1350.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "OPENSUSE-2021-1339.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:4CD8430AA7AD"]}], "modified": "2021-10-18T11:35:30", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-10-18T11:35:30", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153631", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153631);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\"CVE-2021-37973\");\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n\n script_name(english:\"Google Chrome < 94.0.4606.61 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 94.0.4606.61. It is, therefore, affected by\na vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ee78dba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251727\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 94.0.4606.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'94.0.4606.61', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:/a:google:chrome"], "solution": "Upgrade to Google Chrome version 94.0.4606.61 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "10"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-18T11:35:30", "differentElements": ["cvss", "cvss3", "modified", "nessusSeverity", "sourceData"], "edition": 8}, {"bulletin": {"id": "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "hash": "c0df2b7496dbb4d75cf93d159c782866", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 94.0.4606.61 Vulnerability", "description": "The version of Google Chrome installed on the remote macOS host is prior to 94.0.4606.61. It is, therefore, affected by a vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-10-19T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153631", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://crbug.com/1251727", "http://www.nessus.org/u?2ee78dba"], "cvelist": ["CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-20T12:04:30", "history": [], "viewCount": 28, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1350.NASL", "OPENSUSE-2021-1339.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "kaspersky", "idList": ["KLA12298", "KLA12299"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD", "FEDORA:E043930AE6E8"]}], "modified": "2021-10-20T12:04:30", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2021-10-20T12:04:30", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153631", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153631);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/19\");\n\n script_cve_id(\"CVE-2021-37973\");\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n\n script_name(english:\"Google Chrome < 94.0.4606.61 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 94.0.4606.61. It is, therefore, affected by\na vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ee78dba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251727\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 94.0.4606.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'94.0.4606.61', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:/a:google:chrome"], "solution": "Upgrade to Google Chrome version 94.0.4606.61 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "10"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-20T12:04:30", "differentElements": ["cpe", "cvss"], "edition": 9}], "viewCount": 28, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "cve", "idList": ["CVE-2021-37973"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37973"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "kaspersky", "idList": ["KLA12298", "KLA12299"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1350.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "OPENSUSE-2021-1339.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1350-1", "OPENSUSE-SU-2021:1339-1"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD", "FEDORA:E043930AE6E8"]}], "modified": "2021-10-22T11:34:00", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2021-10-22T11:34:00", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153631", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153631);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/19\");\n\n script_cve_id(\"CVE-2021-37973\");\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n\n script_name(english:\"Google Chrome < 94.0.4606.61 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 94.0.4606.61. It is, therefore, affected by\na vulnerability as referenced in the 2021_09_stable-channel-update-for-desktop_24 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ee78dba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251727\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 94.0.4606.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'94.0.4606.61', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"], "solution": "Upgrade to Google Chrome version 94.0.4606.61 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "10"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-24T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "hash": "785434f514b174db7f3baf64432beaaf", "type": "nessus", "bulletinFamily": "scanner", "title": "Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected by multiple vulnerabilities as referenced in the September 24, 2021 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-10-19T00:00:00", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153666", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37967", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37960", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37960", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37958", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37969", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37972", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37957", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37962", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37959", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37956", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37966", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37968", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37971", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37963", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37961", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37970", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37965", "http://www.nessus.org/u?6dbcb9b7"], "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-22T11:33:22", "history": [{"bulletin": {"id": "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "hash": "c46cc754589c8f4b720d60e9b9f49f99", "type": "nessus", "bulletinFamily": "scanner", "title": "Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected by multiple vulnerabilities as referenced in the September 24, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-09-24T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153666", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37965", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37960", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37961", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972", "http://www.nessus.org/u?6dbcb9b7", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37962", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37969", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37957", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37966", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37967", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37959", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37963", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37971", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37970", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37960", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37958", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37956", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37972", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37968"], "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-25T11:43:18", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "GOOGLE_CHROME_94_0_4606_54.NASL"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37956", "UB:CVE-2021-37963", "UB:CVE-2021-37958", "UB:CVE-2021-37964", "UB:CVE-2021-37960", "UB:CVE-2021-37966", "UB:CVE-2021-37967", "UB:CVE-2021-37965", "UB:CVE-2021-37968", "UB:CVE-2021-37972", "UB:CVE-2021-37970", "UB:CVE-2021-37971", "UB:CVE-2021-37959", "UB:CVE-2021-37969", "UB:CVE-2021-37962", "UB:CVE-2021-37957", "UB:CVE-2021-37961"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-37972"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37965", "MS:CVE-2021-37967", "MS:CVE-2021-37966", "MS:CVE-2021-37963", "MS:CVE-2021-37969", "MS:CVE-2021-37962", "MS:CVE-2021-37958", "MS:CVE-2021-37961", "MS:CVE-2021-37964", "MS:CVE-2021-37960", "MS:CVE-2021-37959", "MS:CVE-2021-37973", "MS:CVE-2021-37970", "MS:CVE-2021-37971", "MS:CVE-2021-37956", "MS:CVE-2021-37957", "MS:CVE-2021-37972", "MS:CVE-2021-37968"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535"]}], "modified": "2021-09-25T11:43:18", "rev": 2}, "score": {"value": 0.6, "vector": "NONE", "modified": "2021-09-25T11:43:18", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153666", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153666);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/24\");\n\n script_cve_id(\n \"CVE-2021-37956\",\n \"CVE-2021-37957\",\n \"CVE-2021-37958\",\n \"CVE-2021-37959\",\n \"CVE-2021-37960\",\n \"CVE-2021-37961\",\n \"CVE-2021-37962\",\n \"CVE-2021-37963\",\n \"CVE-2021-37964\",\n \"CVE-2021-37965\",\n \"CVE-2021-37966\",\n \"CVE-2021-37967\",\n \"CVE-2021-37968\",\n \"CVE-2021-37969\",\n \"CVE-2021-37970\",\n \"CVE-2021-37971\",\n \"CVE-2021-37972\",\n \"CVE-2021-37973\"\n );\n\n script_name(english:\"Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected\nby multiple vulnerabilities as referenced in the September 24, 2021 advisory. Note that Nessus has not tested for this\nissue but has instead relied only on the application's self-reported version number.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#september-24-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6dbcb9b7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 94.0.992.31 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '94.0.992.31' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:microsoft:edge"], "solution": "Upgrade to Microsoft Edge version 94.0.992.31 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-21T00:00:00", "exploitableWith": []}, "lastseen": "2021-09-25T11:43:18", "differentElements": ["vpr"], "edition": 1}, {"bulletin": {"id": "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "hash": "835640398bfdb472987a417d0bebeeba", "type": "nessus", "bulletinFamily": "scanner", "title": "Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected by multiple vulnerabilities as referenced in the September 24, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-09-24T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153666", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37967", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37969", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37962", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37970", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37957", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37959", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37968", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37963", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37964", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37960", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37958", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37966", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37972", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37961", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37965", "http://www.nessus.org/u?6dbcb9b7", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37960", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37956"], "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-26T11:54:41", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "GOOGLE_CHROME_94_0_4606_54.NASL"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37956", "UB:CVE-2021-37963", "UB:CVE-2021-37958", "UB:CVE-2021-37964", "UB:CVE-2021-37960", "UB:CVE-2021-37966", "UB:CVE-2021-37967", "UB:CVE-2021-37965", "UB:CVE-2021-37968", "UB:CVE-2021-37972", "UB:CVE-2021-37970", "UB:CVE-2021-37971", "UB:CVE-2021-37959", "UB:CVE-2021-37969", "UB:CVE-2021-37962", "UB:CVE-2021-37957", "UB:CVE-2021-37961"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-37972"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37965", "MS:CVE-2021-37967", "MS:CVE-2021-37966", "MS:CVE-2021-37963", "MS:CVE-2021-37969", "MS:CVE-2021-37962", "MS:CVE-2021-37958", "MS:CVE-2021-37961", "MS:CVE-2021-37964", "MS:CVE-2021-37960", "MS:CVE-2021-37959", "MS:CVE-2021-37973", "MS:CVE-2021-37970", "MS:CVE-2021-37971", "MS:CVE-2021-37956", "MS:CVE-2021-37957", "MS:CVE-2021-37972", "MS:CVE-2021-37968"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535"]}], "modified": "2021-09-25T11:43:18", "rev": 2}, "score": {"value": 0.6, "vector": "NONE", "modified": "2021-09-25T11:43:18", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153666", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153666);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/24\");\n\n script_cve_id(\n \"CVE-2021-37956\",\n \"CVE-2021-37957\",\n \"CVE-2021-37958\",\n \"CVE-2021-37959\",\n \"CVE-2021-37960\",\n \"CVE-2021-37961\",\n \"CVE-2021-37962\",\n \"CVE-2021-37963\",\n \"CVE-2021-37964\",\n \"CVE-2021-37965\",\n \"CVE-2021-37966\",\n \"CVE-2021-37967\",\n \"CVE-2021-37968\",\n \"CVE-2021-37969\",\n \"CVE-2021-37970\",\n \"CVE-2021-37971\",\n \"CVE-2021-37972\",\n \"CVE-2021-37973\"\n );\n\n script_name(english:\"Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected\nby multiple vulnerabilities as referenced in the September 24, 2021 advisory. Note that Nessus has not tested for this\nissue but has instead relied only on the application's self-reported version number.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#september-24-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6dbcb9b7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 94.0.992.31 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '94.0.992.31' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:microsoft:edge"], "solution": "Upgrade to Microsoft Edge version 94.0.992.31 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "9.2"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-21T00:00:00", "exploitableWith": []}, "lastseen": "2021-09-26T11:54:41", "differentElements": ["vpr"], "edition": 2}, {"bulletin": {"id": "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "hash": "3f9a2ee2263f7722ac7ac669f69561ed", "type": "nessus", "bulletinFamily": "scanner", "title": "Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected by multiple vulnerabilities as referenced in the September 24, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-09-24T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153666", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37967", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37965", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37960", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37962", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37969", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37971", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37957", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37956", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37958", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37960", "http://www.nessus.org/u?6dbcb9b7", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37970", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37963", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37959", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37972", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37966", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37968", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37961", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973"], "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-28T11:47:41", "history": [], "viewCount": 24, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "GOOGLE_CHROME_94_0_4606_54.NASL"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37956", "UB:CVE-2021-37963", "UB:CVE-2021-37958", "UB:CVE-2021-37964", "UB:CVE-2021-37960", "UB:CVE-2021-37966", "UB:CVE-2021-37967", "UB:CVE-2021-37965", "UB:CVE-2021-37968", "UB:CVE-2021-37972", "UB:CVE-2021-37970", "UB:CVE-2021-37971", "UB:CVE-2021-37959", "UB:CVE-2021-37969", "UB:CVE-2021-37962", "UB:CVE-2021-37957", "UB:CVE-2021-37961"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-37972"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37965", "MS:CVE-2021-37967", "MS:CVE-2021-37966", "MS:CVE-2021-37963", "MS:CVE-2021-37969", "MS:CVE-2021-37962", "MS:CVE-2021-37958", "MS:CVE-2021-37961", "MS:CVE-2021-37964", "MS:CVE-2021-37960", "MS:CVE-2021-37959", "MS:CVE-2021-37973", "MS:CVE-2021-37970", "MS:CVE-2021-37971", "MS:CVE-2021-37956", "MS:CVE-2021-37957", "MS:CVE-2021-37972", "MS:CVE-2021-37968"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535"]}], "modified": "2021-09-25T11:43:18", "rev": 2}, "score": {"value": 0.6, "vector": "NONE", "modified": "2021-09-25T11:43:18", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153666", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153666);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/24\");\n\n script_cve_id(\n \"CVE-2021-37956\",\n \"CVE-2021-37957\",\n \"CVE-2021-37958\",\n \"CVE-2021-37959\",\n \"CVE-2021-37960\",\n \"CVE-2021-37961\",\n \"CVE-2021-37962\",\n \"CVE-2021-37963\",\n \"CVE-2021-37964\",\n \"CVE-2021-37965\",\n \"CVE-2021-37966\",\n \"CVE-2021-37967\",\n \"CVE-2021-37968\",\n \"CVE-2021-37969\",\n \"CVE-2021-37970\",\n \"CVE-2021-37971\",\n \"CVE-2021-37972\",\n \"CVE-2021-37973\"\n );\n\n script_name(english:\"Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected\nby multiple vulnerabilities as referenced in the September 24, 2021 advisory. Note that Nessus has not tested for this\nissue but has instead relied only on the application's self-reported version number.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#september-24-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6dbcb9b7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 94.0.992.31 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '94.0.992.31' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:microsoft:edge"], "solution": "Upgrade to Microsoft Edge version 94.0.992.31 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "9.5"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-21T00:00:00", "exploitableWith": []}, "lastseen": "2021-09-28T11:47:41", "differentElements": ["modified", "sourceData", "vpr"], "edition": 3}, {"bulletin": {"id": "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "hash": "5c84208d40eb45556564e4c828c53a3c", "type": "nessus", "bulletinFamily": "scanner", "title": "Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected by multiple vulnerabilities as referenced in the September 24, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-10-01T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153666", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37956", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37961", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37970", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37966", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37971", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37960", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37967", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37972", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37960", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37957", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37969", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37959", "http://www.nessus.org/u?6dbcb9b7", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37962", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37968", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37958", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37964", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37963", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37965"], "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-01T23:39:06", "history": [], "viewCount": 26, "enchantments": {"dependencies": {"references": [{"type": "freebsd", "idList": ["3551E106-1B17-11EC-A8A7-704D7B472482", "B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "kaspersky", "idList": ["KLA12294", "KLA12298", "KLA12299"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "701368.PASL", "FREEBSD_PKG_3551E1061B1711ECA8A7704D7B472482.NASL", "GOOGLE_CHROME_94_0_4606_54.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD", "FEDORA:B97503020A86"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37964", "UB:CVE-2021-37967", "UB:CVE-2021-37966", "UB:CVE-2021-37965", "UB:CVE-2021-37972", "UB:CVE-2021-37963", "UB:CVE-2021-37959", "UB:CVE-2021-37958", "UB:CVE-2021-37973", "UB:CVE-2021-37962", "UB:CVE-2021-37971", "UB:CVE-2021-37970", "UB:CVE-2021-37956", "UB:CVE-2021-37960", "UB:CVE-2021-37961", "UB:CVE-2021-37969", "UB:CVE-2021-37957", "UB:CVE-2021-37968"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-37972"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37971", "MS:CVE-2021-37965", "MS:CVE-2021-37969", "MS:CVE-2021-37973", "MS:CVE-2021-37957", "MS:CVE-2021-37966", "MS:CVE-2021-37962", "MS:CVE-2021-37967", "MS:CVE-2021-37968", "MS:CVE-2021-37970", "MS:CVE-2021-37961", "MS:CVE-2021-37956", "MS:CVE-2021-37964", "MS:CVE-2021-37972", "MS:CVE-2021-37959", "MS:CVE-2021-37960", "MS:CVE-2021-37958", "MS:CVE-2021-37963"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}], "modified": "2021-10-01T23:39:06", "rev": 2}, "score": {"value": 0.7, "vector": "NONE", "modified": "2021-10-01T23:39:06", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153666", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153666);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/01\");\n\n script_cve_id(\n \"CVE-2021-37956\",\n \"CVE-2021-37957\",\n \"CVE-2021-37958\",\n \"CVE-2021-37959\",\n \"CVE-2021-37960\",\n \"CVE-2021-37961\",\n \"CVE-2021-37962\",\n \"CVE-2021-37963\",\n \"CVE-2021-37964\",\n \"CVE-2021-37965\",\n \"CVE-2021-37966\",\n \"CVE-2021-37967\",\n \"CVE-2021-37968\",\n \"CVE-2021-37969\",\n \"CVE-2021-37970\",\n \"CVE-2021-37971\",\n \"CVE-2021-37972\",\n \"CVE-2021-37973\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0448\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected\nby multiple vulnerabilities as referenced in the September 24, 2021 advisory. Note that Nessus has not tested for this\nissue but has instead relied only on the application's self-reported version number.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#september-24-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6dbcb9b7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 94.0.992.31 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '94.0.992.31' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:microsoft:edge"], "solution": "Upgrade to Microsoft Edge version 94.0.992.31 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "9.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-21T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-01T23:39:06", "differentElements": ["modified", "sourceData"], "edition": 4}, {"bulletin": {"id": "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "hash": "0032ab3ef3595df1af8f0ab59ef730b9", "type": "nessus", "bulletinFamily": "scanner", "title": "Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected by multiple vulnerabilities as referenced in the September 24, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-10-07T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153666", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37964", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37959", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37963", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37960", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37966", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37957", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37968", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37961", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37965", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970", "http://www.nessus.org/u?6dbcb9b7", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37958", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37972", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37960", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37969", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37956", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37967", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37970", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37962", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964"], "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-08T11:39:47", "history": [], "viewCount": 26, "enchantments": {"dependencies": {"references": [{"type": "freebsd", "idList": ["3551E106-1B17-11EC-A8A7-704D7B472482", "B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "nessus", "idList": ["MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "FREEBSD_PKG_3551E1061B1711ECA8A7704D7B472482.NASL", "GOOGLE_CHROME_94_0_4606_54.NASL", "701368.PASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "kaspersky", "idList": ["KLA12298", "KLA12294", "KLA12299"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1"]}, {"type": "fedora", "idList": ["FEDORA:B97503020A86", "FEDORA:1C5A430C4EB3", "FEDORA:4CD8430AA7AD", "FEDORA:E043930AE6E8"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37956", "UB:CVE-2021-37962", "UB:CVE-2021-37960", "UB:CVE-2021-37968", "UB:CVE-2021-37957", "UB:CVE-2021-37959", "UB:CVE-2021-37969", "UB:CVE-2021-37961", "UB:CVE-2021-37971", "UB:CVE-2021-37963", "UB:CVE-2021-37966", "UB:CVE-2021-37965", "UB:CVE-2021-37973", "UB:CVE-2021-37958", "UB:CVE-2021-37967", "UB:CVE-2021-37964", "UB:CVE-2021-37972", "UB:CVE-2021-37970"]}, {"type": "cve", "idList": ["CVE-2021-37970", "CVE-2021-37961", "CVE-2021-37965", "CVE-2021-37964", "CVE-2021-37972", "CVE-2021-37968", "CVE-2021-37966", "CVE-2021-37958", "CVE-2021-37967", "CVE-2021-37962", "CVE-2021-37957", "CVE-2021-37956", "CVE-2021-37959", "CVE-2021-37963", "CVE-2021-37973", "CVE-2021-37971", "CVE-2021-37969"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-37972"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37959", "MS:CVE-2021-37972", "MS:CVE-2021-37966", "MS:CVE-2021-37967", "MS:CVE-2021-37956", "MS:CVE-2021-37962", "MS:CVE-2021-37958", "MS:CVE-2021-37957", "MS:CVE-2021-37973", "MS:CVE-2021-37964", "MS:CVE-2021-37961", "MS:CVE-2021-37963", "MS:CVE-2021-37965", "MS:CVE-2021-37968", "MS:CVE-2021-37970", "MS:CVE-2021-37969", "MS:CVE-2021-37960", "MS:CVE-2021-37971"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}], "modified": "2021-10-08T11:39:47", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-10-08T11:39:47", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153666", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153666);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/07\");\n\n script_cve_id(\n \"CVE-2021-37956\",\n \"CVE-2021-37957\",\n \"CVE-2021-37958\",\n \"CVE-2021-37959\",\n \"CVE-2021-37960\",\n \"CVE-2021-37961\",\n \"CVE-2021-37962\",\n \"CVE-2021-37963\",\n \"CVE-2021-37964\",\n \"CVE-2021-37965\",\n \"CVE-2021-37966\",\n \"CVE-2021-37967\",\n \"CVE-2021-37968\",\n \"CVE-2021-37969\",\n \"CVE-2021-37970\",\n \"CVE-2021-37971\",\n \"CVE-2021-37972\",\n \"CVE-2021-37973\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected\nby multiple vulnerabilities as referenced in the September 24, 2021 advisory. Note that Nessus has not tested for this\nissue but has instead relied only on the application's self-reported version number.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#september-24-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6dbcb9b7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 94.0.992.31 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '94.0.992.31' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:microsoft:edge"], "solution": "Upgrade to Microsoft Edge version 94.0.992.31 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "9.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-21T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-08T11:39:47", "differentElements": ["sourceData"], "edition": 5}, {"bulletin": {"id": "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "hash": "c806dfba35243928f29323a3ef679936", "type": "nessus", "bulletinFamily": "scanner", "title": "Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected by multiple vulnerabilities as referenced in the September 24, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-10-07T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153666", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37971", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37960", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37961", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37972", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37967", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37962", "http://www.nessus.org/u?6dbcb9b7", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37969", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37964", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37968", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37966", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37958", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37959", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37965", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37970", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37957", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37963", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37956", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37960"], "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-12T23:36:09", "history": [], "viewCount": 27, "enchantments": {"dependencies": {"references": [{"type": "kaspersky", "idList": ["KLA12299", "KLA12298", "KLA12294"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1339.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "701368.PASL", "GOOGLE_CHROME_94_0_4606_54.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "FREEBSD_PKG_3551E1061B1711ECA8A7704D7B472482.NASL"]}, {"type": "freebsd", "idList": ["3551E106-1B17-11EC-A8A7-704D7B472482", "B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1350-1", "OPENSUSE-SU-2021:1339-1"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD", "FEDORA:B97503020A86", "FEDORA:1C5A430C4EB3", "FEDORA:E043930AE6E8"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37961", "UB:CVE-2021-37957", "UB:CVE-2021-37966", "UB:CVE-2021-37958", "UB:CVE-2021-37971", "UB:CVE-2021-37956", "UB:CVE-2021-37973", "UB:CVE-2021-37964", "UB:CVE-2021-37965", "UB:CVE-2021-37962", "UB:CVE-2021-37970", "UB:CVE-2021-37963", "UB:CVE-2021-37969", "UB:CVE-2021-37967", "UB:CVE-2021-37968", "UB:CVE-2021-37972", "UB:CVE-2021-37959", "UB:CVE-2021-37960"]}, {"type": "cve", "idList": ["CVE-2021-37961", "CVE-2021-37956", "CVE-2021-37968", "CVE-2021-37971", "CVE-2021-37965", "CVE-2021-37972", "CVE-2021-37970", "CVE-2021-37959", "CVE-2021-37962", "CVE-2021-37969", "CVE-2021-37957", "CVE-2021-37973", "CVE-2021-37963", "CVE-2021-37966", "CVE-2021-37964", "CVE-2021-37958", "CVE-2021-37967"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-37972"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37963", "MS:CVE-2021-37973", "MS:CVE-2021-37957", "MS:CVE-2021-37968", "MS:CVE-2021-37970", "MS:CVE-2021-37964", "MS:CVE-2021-37971", "MS:CVE-2021-37972", "MS:CVE-2021-37958", "MS:CVE-2021-37959", "MS:CVE-2021-37969", "MS:CVE-2021-37967", "MS:CVE-2021-37960", "MS:CVE-2021-37961", "MS:CVE-2021-37966", "MS:CVE-2021-37962", "MS:CVE-2021-37956", "MS:CVE-2021-37965"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "thn", "idList": ["THN:50D7C51FE6D69FC5DB5B37402AD0E412", "THN:6A9CD6F085628D08978727C0FF597535"]}], "modified": "2021-10-12T23:36:09", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2021-10-12T23:36:09", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153666", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153666);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\n \"CVE-2021-37956\",\n \"CVE-2021-37957\",\n \"CVE-2021-37958\",\n \"CVE-2021-37959\",\n \"CVE-2021-37960\",\n \"CVE-2021-37961\",\n \"CVE-2021-37962\",\n \"CVE-2021-37963\",\n \"CVE-2021-37964\",\n \"CVE-2021-37965\",\n \"CVE-2021-37966\",\n \"CVE-2021-37967\",\n \"CVE-2021-37968\",\n \"CVE-2021-37969\",\n \"CVE-2021-37970\",\n \"CVE-2021-37971\",\n \"CVE-2021-37972\",\n \"CVE-2021-37973\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected\nby multiple vulnerabilities as referenced in the September 24, 2021 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker\n who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a\n user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#september-24-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6dbcb9b7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 94.0.992.31 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '94.0.992.31' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:microsoft:edge"], "solution": "Upgrade to Microsoft Edge version 94.0.992.31 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "9.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-21T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-12T23:36:09", "differentElements": ["description", "modified"], "edition": 6}, {"bulletin": {"id": "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "hash": "2613913e2fbd066495ca47c2d4f4fa42", "type": "nessus", "bulletinFamily": "scanner", "title": "Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected by multiple vulnerabilities as referenced in the September 24, 2021 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-10-12T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153666", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37960", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37967", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37957", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37958", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37968", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37972", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37959", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37956", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37963", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37966", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37971", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37961", "http://www.nessus.org/u?6dbcb9b7", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37970", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37969", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37965", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37960", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37962", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973"], "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-13T23:53:14", "history": [], "viewCount": 28, "enchantments": {"dependencies": {"references": [{"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482", "3551E106-1B17-11EC-A8A7-704D7B472482"]}, {"type": "nessus", "idList": ["GOOGLE_CHROME_94_0_4606_54.NASL", "OPENSUSE-2021-1339.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "FREEBSD_PKG_3551E1061B1711ECA8A7704D7B472482.NASL", "701368.PASL", "OPENSUSE-2021-1350.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12294", "KLA12298"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:1C5A430C4EB3", "FEDORA:B97503020A86", "FEDORA:4CD8430AA7AD"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37960", "UB:CVE-2021-37971", "UB:CVE-2021-37959", "UB:CVE-2021-37967", "UB:CVE-2021-37965", "UB:CVE-2021-37963", "UB:CVE-2021-37957", "UB:CVE-2021-37958", "UB:CVE-2021-37961", "UB:CVE-2021-37972", "UB:CVE-2021-37964", "UB:CVE-2021-37968", "UB:CVE-2021-37969", "UB:CVE-2021-37966", "UB:CVE-2021-37956", "UB:CVE-2021-37962", "UB:CVE-2021-37973", "UB:CVE-2021-37970"]}, {"type": "cve", "idList": ["CVE-2021-37966", "CVE-2021-37959", "CVE-2021-37957", "CVE-2021-37962", "CVE-2021-37970", "CVE-2021-37958", "CVE-2021-37967", "CVE-2021-37973", "CVE-2021-37963", "CVE-2021-37961", "CVE-2021-37956", "CVE-2021-37965", "CVE-2021-37971", "CVE-2021-37964", "CVE-2021-37972", "CVE-2021-37968", "CVE-2021-37969"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-37972"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37956", "MS:CVE-2021-37972", "MS:CVE-2021-37961", "MS:CVE-2021-37970", "MS:CVE-2021-37969", "MS:CVE-2021-37973", "MS:CVE-2021-37959", "MS:CVE-2021-37958", "MS:CVE-2021-37962", "MS:CVE-2021-37957", "MS:CVE-2021-37963", "MS:CVE-2021-37971", "MS:CVE-2021-37960", "MS:CVE-2021-37964", "MS:CVE-2021-37968", "MS:CVE-2021-37967", "MS:CVE-2021-37966", "MS:CVE-2021-37965"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}], "modified": "2021-10-13T23:53:14", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-10-13T23:53:14", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153666", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153666);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\n \"CVE-2021-37956\",\n \"CVE-2021-37957\",\n \"CVE-2021-37958\",\n \"CVE-2021-37959\",\n \"CVE-2021-37960\",\n \"CVE-2021-37961\",\n \"CVE-2021-37962\",\n \"CVE-2021-37963\",\n \"CVE-2021-37964\",\n \"CVE-2021-37965\",\n \"CVE-2021-37966\",\n \"CVE-2021-37967\",\n \"CVE-2021-37968\",\n \"CVE-2021-37969\",\n \"CVE-2021-37970\",\n \"CVE-2021-37971\",\n \"CVE-2021-37972\",\n \"CVE-2021-37973\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected\nby multiple vulnerabilities as referenced in the September 24, 2021 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker\n who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a\n user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#september-24-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6dbcb9b7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 94.0.992.31 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '94.0.992.31' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:microsoft:edge"], "solution": "Upgrade to Microsoft Edge version 94.0.992.31 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "9.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-21T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-13T23:53:14", "differentElements": ["vpr"], "edition": 7}, {"bulletin": {"id": "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "hash": "a1d272bdfb7b7ee7f7eb7f98b32d9329", "type": "nessus", "bulletinFamily": "scanner", "title": "Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected by multiple vulnerabilities as referenced in the September 24, 2021 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-10-12T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153666", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37957", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37959", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37966", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37963", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37967", "http://www.nessus.org/u?6dbcb9b7", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37970", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37968", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37962", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37956", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37960", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37972", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37961", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37965", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37960", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37969", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37958"], "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-18T11:35:23", "history": [], "viewCount": 29, "enchantments": {"dependencies": {"references": [{"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482", "3551E106-1B17-11EC-A8A7-704D7B472482"]}, {"type": "nessus", "idList": ["GOOGLE_CHROME_94_0_4606_54.NASL", "OPENSUSE-2021-1339.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "FREEBSD_PKG_3551E1061B1711ECA8A7704D7B472482.NASL", "701368.PASL", "OPENSUSE-2021-1350.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12294", "KLA12298"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:1C5A430C4EB3", "FEDORA:B97503020A86", "FEDORA:4CD8430AA7AD"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37960", "UB:CVE-2021-37971", "UB:CVE-2021-37959", "UB:CVE-2021-37967", "UB:CVE-2021-37965", "UB:CVE-2021-37963", "UB:CVE-2021-37957", "UB:CVE-2021-37958", "UB:CVE-2021-37961", "UB:CVE-2021-37972", "UB:CVE-2021-37964", "UB:CVE-2021-37968", "UB:CVE-2021-37969", "UB:CVE-2021-37966", "UB:CVE-2021-37956", "UB:CVE-2021-37962", "UB:CVE-2021-37973", "UB:CVE-2021-37970"]}, {"type": "cve", "idList": ["CVE-2021-37966", "CVE-2021-37959", "CVE-2021-37957", "CVE-2021-37962", "CVE-2021-37970", "CVE-2021-37958", "CVE-2021-37967", "CVE-2021-37973", "CVE-2021-37963", "CVE-2021-37961", "CVE-2021-37956", "CVE-2021-37965", "CVE-2021-37971", "CVE-2021-37964", "CVE-2021-37972", "CVE-2021-37968", "CVE-2021-37969"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-37972"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37956", "MS:CVE-2021-37972", "MS:CVE-2021-37961", "MS:CVE-2021-37970", "MS:CVE-2021-37969", "MS:CVE-2021-37973", "MS:CVE-2021-37959", "MS:CVE-2021-37958", "MS:CVE-2021-37962", "MS:CVE-2021-37957", "MS:CVE-2021-37963", "MS:CVE-2021-37971", "MS:CVE-2021-37960", "MS:CVE-2021-37964", "MS:CVE-2021-37968", "MS:CVE-2021-37967", "MS:CVE-2021-37966", "MS:CVE-2021-37965"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}], "modified": "2021-10-13T23:53:14", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-10-13T23:53:14", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153666", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153666);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\n \"CVE-2021-37956\",\n \"CVE-2021-37957\",\n \"CVE-2021-37958\",\n \"CVE-2021-37959\",\n \"CVE-2021-37960\",\n \"CVE-2021-37961\",\n \"CVE-2021-37962\",\n \"CVE-2021-37963\",\n \"CVE-2021-37964\",\n \"CVE-2021-37965\",\n \"CVE-2021-37966\",\n \"CVE-2021-37967\",\n \"CVE-2021-37968\",\n \"CVE-2021-37969\",\n \"CVE-2021-37970\",\n \"CVE-2021-37971\",\n \"CVE-2021-37972\",\n \"CVE-2021-37973\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected\nby multiple vulnerabilities as referenced in the September 24, 2021 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker\n who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a\n user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#september-24-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6dbcb9b7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 94.0.992.31 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '94.0.992.31' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:microsoft:edge"], "solution": "Upgrade to Microsoft Edge version 94.0.992.31 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "10"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-21T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-18T11:35:23", "differentElements": ["cpe", "cvss"], "edition": 8}, {"bulletin": {"id": "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "hash": "9ed48ac95470afe69165315eed54efc8", "type": "nessus", "bulletinFamily": "scanner", "title": "Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected by multiple vulnerabilities as referenced in the September 24, 2021 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-10-12T00:00:00", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153666", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37961", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37963", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37972", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37958", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37970", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37971", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37956", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968", "http://www.nessus.org/u?6dbcb9b7", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37968", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37967", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37969", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37965", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37960", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37966", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37962", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37959", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37960", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37957", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959"], "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-19T23:50:03", "history": [], "viewCount": 29, "enchantments": {"dependencies": {"references": [{"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482", "3551E106-1B17-11EC-A8A7-704D7B472482"]}, {"type": "nessus", "idList": ["GOOGLE_CHROME_94_0_4606_54.NASL", "OPENSUSE-2021-1339.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "FREEBSD_PKG_3551E1061B1711ECA8A7704D7B472482.NASL", "701368.PASL", "OPENSUSE-2021-1350.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12294", "KLA12298"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:1C5A430C4EB3", "FEDORA:B97503020A86", "FEDORA:4CD8430AA7AD"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37960", "UB:CVE-2021-37971", "UB:CVE-2021-37959", "UB:CVE-2021-37967", "UB:CVE-2021-37965", "UB:CVE-2021-37963", "UB:CVE-2021-37957", "UB:CVE-2021-37958", "UB:CVE-2021-37961", "UB:CVE-2021-37972", "UB:CVE-2021-37964", "UB:CVE-2021-37968", "UB:CVE-2021-37969", "UB:CVE-2021-37966", "UB:CVE-2021-37956", "UB:CVE-2021-37962", "UB:CVE-2021-37973", "UB:CVE-2021-37970"]}, {"type": "cve", "idList": ["CVE-2021-37966", "CVE-2021-37959", "CVE-2021-37957", "CVE-2021-37962", "CVE-2021-37970", "CVE-2021-37958", "CVE-2021-37967", "CVE-2021-37973", "CVE-2021-37963", "CVE-2021-37961", "CVE-2021-37956", "CVE-2021-37965", "CVE-2021-37971", "CVE-2021-37964", "CVE-2021-37972", "CVE-2021-37968", "CVE-2021-37969"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-37972"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37956", "MS:CVE-2021-37972", "MS:CVE-2021-37961", "MS:CVE-2021-37970", "MS:CVE-2021-37969", "MS:CVE-2021-37973", "MS:CVE-2021-37959", "MS:CVE-2021-37958", "MS:CVE-2021-37962", "MS:CVE-2021-37957", "MS:CVE-2021-37963", "MS:CVE-2021-37971", "MS:CVE-2021-37960", "MS:CVE-2021-37964", "MS:CVE-2021-37968", "MS:CVE-2021-37967", "MS:CVE-2021-37966", "MS:CVE-2021-37965"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}], "modified": "2021-10-13T23:53:14", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-10-13T23:53:14", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153666", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153666);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\n \"CVE-2021-37956\",\n \"CVE-2021-37957\",\n \"CVE-2021-37958\",\n \"CVE-2021-37959\",\n \"CVE-2021-37960\",\n \"CVE-2021-37961\",\n \"CVE-2021-37962\",\n \"CVE-2021-37963\",\n \"CVE-2021-37964\",\n \"CVE-2021-37965\",\n \"CVE-2021-37966\",\n \"CVE-2021-37967\",\n \"CVE-2021-37968\",\n \"CVE-2021-37969\",\n \"CVE-2021-37970\",\n \"CVE-2021-37971\",\n \"CVE-2021-37972\",\n \"CVE-2021-37973\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected\nby multiple vulnerabilities as referenced in the September 24, 2021 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker\n who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a\n user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#september-24-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6dbcb9b7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 94.0.992.31 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '94.0.992.31' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Windows", "cpe": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"], "solution": "Upgrade to Microsoft Edge version 94.0.992.31 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "10"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-21T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-19T23:50:03", "differentElements": ["cpe", "cvss", "cvss3", "modified", "nessusSeverity", "sourceData"], "edition": 9}, {"bulletin": {"id": "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "hash": "8ef5a4ce4259d028c4cab1f8b559aeec", "type": "nessus", "bulletinFamily": "scanner", "title": "Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected by multiple vulnerabilities as referenced in the September 24, 2021 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-24T00:00:00", "modified": "2021-10-19T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153666", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37962", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37959", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37966", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37960", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37963", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37968", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37972", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37956", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37964", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37965", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37960", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37970", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962", "http://www.nessus.org/u?6dbcb9b7", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37958", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37967", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37969", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37957", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37961", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969"], "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-20T12:04:02", "history": [], "viewCount": 29, "enchantments": {"dependencies": {"references": [{"type": "freebsd", "idList": ["3551E106-1B17-11EC-A8A7-704D7B472482", "B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "kaspersky", "idList": ["KLA12294", "KLA12298", "KLA12299"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1350.NASL", "OPENSUSE-2021-1339.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "FREEBSD_PKG_3551E1061B1711ECA8A7704D7B472482.NASL", "701368.PASL", "GOOGLE_CHROME_94_0_4606_54.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD", "FEDORA:E043930AE6E8", "FEDORA:1C5A430C4EB3", "FEDORA:B97503020A86"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37958", "UB:CVE-2021-37963", "UB:CVE-2021-37959", "UB:CVE-2021-37961", "UB:CVE-2021-37965", "UB:CVE-2021-37970", "UB:CVE-2021-37957", "UB:CVE-2021-37971", "UB:CVE-2021-37972", "UB:CVE-2021-37969", "UB:CVE-2021-37956", "UB:CVE-2021-37960", "UB:CVE-2021-37973", "UB:CVE-2021-37962", "UB:CVE-2021-37964", "UB:CVE-2021-37967", "UB:CVE-2021-37968", "UB:CVE-2021-37966"]}, {"type": "cve", "idList": ["CVE-2021-37973", "CVE-2021-37962", "CVE-2021-37965", "CVE-2021-37964", "CVE-2021-37969", "CVE-2021-37968", "CVE-2021-37971", "CVE-2021-37958", "CVE-2021-37972", "CVE-2021-37967", "CVE-2021-37956", "CVE-2021-37959", "CVE-2021-37957", "CVE-2021-37970", "CVE-2021-37966", "CVE-2021-37963", "CVE-2021-37961"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-37972"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37968", "MS:CVE-2021-37958", "MS:CVE-2021-37960", "MS:CVE-2021-37965", "MS:CVE-2021-37964", "MS:CVE-2021-37972", "MS:CVE-2021-37973", "MS:CVE-2021-37969", "MS:CVE-2021-37962", "MS:CVE-2021-37967", "MS:CVE-2021-37956", "MS:CVE-2021-37970", "MS:CVE-2021-37963", "MS:CVE-2021-37961", "MS:CVE-2021-37971", "MS:CVE-2021-37959", "MS:CVE-2021-37966", "MS:CVE-2021-37957"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}], "modified": "2021-10-20T12:04:02", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-10-20T12:04:02", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153666", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153666);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/19\");\n\n script_cve_id(\n \"CVE-2021-37956\",\n \"CVE-2021-37957\",\n \"CVE-2021-37958\",\n \"CVE-2021-37959\",\n \"CVE-2021-37960\",\n \"CVE-2021-37961\",\n \"CVE-2021-37962\",\n \"CVE-2021-37963\",\n \"CVE-2021-37964\",\n \"CVE-2021-37965\",\n \"CVE-2021-37966\",\n \"CVE-2021-37967\",\n \"CVE-2021-37968\",\n \"CVE-2021-37969\",\n \"CVE-2021-37970\",\n \"CVE-2021-37971\",\n \"CVE-2021-37972\",\n \"CVE-2021-37973\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected\nby multiple vulnerabilities as referenced in the September 24, 2021 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker\n who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a\n user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#september-24-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6dbcb9b7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 94.0.992.31 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '94.0.992.31' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:microsoft:edge"], "solution": "Upgrade to Microsoft Edge version 94.0.992.31 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "10"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-21T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-20T12:04:02", "differentElements": ["cpe", "cvss"], "edition": 10}], "viewCount": 29, "enchantments": {"dependencies": {"references": [{"type": "freebsd", "idList": ["3551E106-1B17-11EC-A8A7-704D7B472482", "B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "kaspersky", "idList": ["KLA12294", "KLA12298", "KLA12299"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1350.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "GOOGLE_CHROME_94_0_4606_54.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "OPENSUSE-2021-1339.NASL", "FREEBSD_PKG_3551E1061B1711ECA8A7704D7B472482.NASL", "701368.PASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1350-1", "OPENSUSE-SU-2021:1339-1"]}, {"type": "fedora", "idList": ["FEDORA:1C5A430C4EB3", "FEDORA:B97503020A86", "FEDORA:4CD8430AA7AD", "FEDORA:E043930AE6E8"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37962", "UB:CVE-2021-37959", "UB:CVE-2021-37963", "UB:CVE-2021-37967", "UB:CVE-2021-37957", "UB:CVE-2021-37973", "UB:CVE-2021-37972", "UB:CVE-2021-37958", "UB:CVE-2021-37968", "UB:CVE-2021-37964", "UB:CVE-2021-37970", "UB:CVE-2021-37960", "UB:CVE-2021-37965", "UB:CVE-2021-37971", "UB:CVE-2021-37969", "UB:CVE-2021-37956", "UB:CVE-2021-37966", "UB:CVE-2021-37961"]}, {"type": "cve", "idList": ["CVE-2021-37958", "CVE-2021-37970", "CVE-2021-37972", "CVE-2021-37965", "CVE-2021-37959", "CVE-2021-37957", "CVE-2021-37962", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37964", "CVE-2021-37971", "CVE-2021-37969", "CVE-2021-37956", "CVE-2021-37973", "CVE-2021-37961", "CVE-2021-37968", "CVE-2021-37963"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-37972"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37973", "MS:CVE-2021-37961", "MS:CVE-2021-37965", "MS:CVE-2021-37962", "MS:CVE-2021-37972", "MS:CVE-2021-37957", "MS:CVE-2021-37956", "MS:CVE-2021-37963", "MS:CVE-2021-37960", "MS:CVE-2021-37967", "MS:CVE-2021-37971", "MS:CVE-2021-37966", "MS:CVE-2021-37968", "MS:CVE-2021-37964", "MS:CVE-2021-37970", "MS:CVE-2021-37959", "MS:CVE-2021-37958", "MS:CVE-2021-37969"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}], "modified": "2021-10-22T11:33:22", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-10-22T11:33:22", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153666", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153666);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/19\");\n\n script_cve_id(\n \"CVE-2021-37956\",\n \"CVE-2021-37957\",\n \"CVE-2021-37958\",\n \"CVE-2021-37959\",\n \"CVE-2021-37960\",\n \"CVE-2021-37961\",\n \"CVE-2021-37962\",\n \"CVE-2021-37963\",\n \"CVE-2021-37964\",\n \"CVE-2021-37965\",\n \"CVE-2021-37966\",\n \"CVE-2021-37967\",\n \"CVE-2021-37968\",\n \"CVE-2021-37969\",\n \"CVE-2021-37970\",\n \"CVE-2021-37971\",\n \"CVE-2021-37972\",\n \"CVE-2021-37973\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected\nby multiple vulnerabilities as referenced in the September 24, 2021 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker\n who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a\n user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#september-24-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6dbcb9b7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 94.0.992.31 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '94.0.992.31' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "naslFamily": "Windows", "cpe": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"], "solution": "Upgrade to Microsoft Edge version 94.0.992.31 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-37973", "vpr": {"risk factor": "Critical", "score": "10"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-24T00:00:00", "vulnerabilityPublicationDate": "2021-09-21T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "OPENSUSE-2021-1339.NASL", "hash": "cb0467e49efbddeabc35cd671cb596d4", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1339-1)", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1339-1 advisory.\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\n - : Inappropriate implementation in Blink graphics. (CVE-2021-37960)\n\n - Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37961)\n\n - Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37962)\n\n - Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. (CVE-2021-37963)\n\n - Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file. (CVE-2021-37964)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-37965, CVE-2021-37968)\n\n - Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37966)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (CVE-2021-37967)\n\n - Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. (CVE-2021-37969)\n\n - Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37970)\n\n - Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37971)\n\n - Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37972)\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37974)\n\n - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37975)\n\n - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-10-12T00:00:00", "modified": "2021-10-12T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/154006", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37957", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37959", "https://www.suse.com/security/cve/CVE-2021-37975", "https://www.suse.com/security/cve/CVE-2021-37957", "https://www.suse.com/security/cve/CVE-2021-37958", "https://www.suse.com/security/cve/CVE-2021-37965", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37966", "https://www.suse.com/security/cve/CVE-2021-37976", "https://www.suse.com/security/cve/CVE-2021-37960", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37975", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37963", "https://www.suse.com/security/cve/CVE-2021-37970", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37967", "https://bugzilla.suse.com/1191166", "https://www.suse.com/security/cve/CVE-2021-37959", "https://www.suse.com/security/cve/CVE-2021-37964", "https://www.suse.com/security/cve/CVE-2021-37974", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37974", "https://www.suse.com/security/cve/CVE-2021-37972", "https://www.suse.com/security/cve/CVE-2021-37963", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37970", "https://www.suse.com/security/cve/CVE-2021-37973", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37976", "https://www.suse.com/security/cve/CVE-2021-37971", "https://bugzilla.suse.com/1190765", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37968", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37962", "https://bugzilla.suse.com/1191204", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37956", "http://www.nessus.org/u?d6c232f4", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37958", "https://www.suse.com/security/cve/CVE-2021-37968", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37960", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37972", "https://www.suse.com/security/cve/CVE-2021-37969", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37961", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37965", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37969", "https://www.suse.com/security/cve/CVE-2021-37956", "https://www.suse.com/security/cve/CVE-2021-37966", "https://www.suse.com/security/cve/CVE-2021-37961", "https://www.suse.com/security/cve/CVE-2021-37962", "https://www.suse.com/security/cve/CVE-2021-37967"], "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973", "CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976"], "immutableFields": [], "lastseen": "2021-10-18T11:35:48", "history": [{"bulletin": {"id": "OPENSUSE-2021-1339.NASL", "hash": "d415ac992d216d3a5dcbcc43f9433d21", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1339-1)", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1339-1 advisory.\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\n - : Inappropriate implementation in Blink graphics. (CVE-2021-37960)\n\n - Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37961)\n\n - Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37962)\n\n - Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. (CVE-2021-37963)\n\n - Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file. (CVE-2021-37964)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-37965, CVE-2021-37968)\n\n - Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37966)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (CVE-2021-37967)\n\n - Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. (CVE-2021-37969)\n\n - Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37970)\n\n - Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37971)\n\n - Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37972)\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37974)\n\n - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37975)\n\n - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-10-12T00:00:00", "modified": "2021-10-12T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/154006", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.suse.com/security/cve/CVE-2021-37957", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37971", "https://bugzilla.suse.com/1191166", "https://bugzilla.suse.com/1190765", "https://www.suse.com/security/cve/CVE-2021-37959", "https://www.suse.com/security/cve/CVE-2021-37970", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37961", "https://www.suse.com/security/cve/CVE-2021-37956", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37972", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37967", "https://www.suse.com/security/cve/CVE-2021-37966", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37962", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37974", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37969", "https://www.suse.com/security/cve/CVE-2021-37971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37964", "https://www.suse.com/security/cve/CVE-2021-37961", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37976", "https://www.suse.com/security/cve/CVE-2021-37964", "https://www.suse.com/security/cve/CVE-2021-37958", "https://www.suse.com/security/cve/CVE-2021-37969", "https://www.suse.com/security/cve/CVE-2021-37973", "https://www.suse.com/security/cve/CVE-2021-37974", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37968", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37975", "http://www.nessus.org/u?d6c232f4", "https://www.suse.com/security/cve/CVE-2021-37962", "https://www.suse.com/security/cve/CVE-2021-37960", "https://www.suse.com/security/cve/CVE-2021-37972", "https://www.suse.com/security/cve/CVE-2021-37968", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37966", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37958", "https://www.suse.com/security/cve/CVE-2021-37975", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37959", "https://www.suse.com/security/cve/CVE-2021-37965", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37965", "https://bugzilla.suse.com/1191204", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37970", "https://www.suse.com/security/cve/CVE-2021-37963", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37957", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37963", "https://www.suse.com/security/cve/CVE-2021-37967", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37956", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37960", "https://www.suse.com/security/cve/CVE-2021-37976"], "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973", "CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976"], "immutableFields": [], "lastseen": "2021-10-12T23:37:14", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12294", "KLA12298"]}, {"type": "nessus", "idList": ["GOOGLE_CHROME_94_0_4606_54.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "GOOGLE_CHROME_94_0_4606_71.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_38.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "FREEBSD_PKG_3551E1061B1711ECA8A7704D7B472482.NASL", "701368.PASL", "FREEBSD_PKG_777EDBBE223011EC8869704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_71.NASL", "OPENSUSE-2021-1350.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482", "777EDBBE-2230-11EC-8869-704D7B472482", "3551E106-1B17-11EC-A8A7-704D7B472482"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:1C5A430C4EB3", "FEDORA:B97503020A86", "FEDORA:4CD8430AA7AD"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37971", "UB:CVE-2021-37967", "UB:CVE-2021-37976", "UB:CVE-2021-37974", "UB:CVE-2021-37958", "UB:CVE-2021-37964", "UB:CVE-2021-37966", "UB:CVE-2021-37959", "UB:CVE-2021-37965", "UB:CVE-2021-37963", "UB:CVE-2021-37957", "UB:CVE-2021-37961", "UB:CVE-2021-37972", "UB:CVE-2021-37973", "UB:CVE-2021-37962", "UB:CVE-2021-37960", "UB:CVE-2021-37968", "UB:CVE-2021-37956", "UB:CVE-2021-37969", "UB:CVE-2021-37975", "UB:CVE-2021-37970"]}, {"type": "cve", "idList": ["CVE-2021-37957", "CVE-2021-37970", "CVE-2021-37973", "CVE-2021-37961", "CVE-2021-37956", "CVE-2021-37964", "CVE-2021-37972", "CVE-2021-37976", "CVE-2021-37968", "CVE-2021-37974", "CVE-2021-37962", "CVE-2021-37958", "CVE-2021-37969", "CVE-2021-37959", "CVE-2021-37975", "CVE-2021-37963", "CVE-2021-37971", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37965"]}, {"type": "attackerkb", "idList": ["AKB:D986B627-DA84-4C1B-8D20-5ADF751B05BF", "AKB:D35B77A1-B787-4DAD-A906-5CA8A79C2F30", "AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-37972"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37969", "MS:CVE-2021-37966", "MS:CVE-2021-37965", "MS:CVE-2021-37975", "MS:CVE-2021-37963", "MS:CVE-2021-37967", "MS:CVE-2021-37956", "MS:CVE-2021-37974", "MS:CVE-2021-37973", "MS:CVE-2021-37959", "MS:CVE-2021-37958", "MS:CVE-2021-37957", "MS:CVE-2021-37968", "MS:CVE-2021-37972", "MS:CVE-2021-37961", "MS:CVE-2021-37970", "MS:CVE-2021-37962", "MS:CVE-2021-37960", "MS:CVE-2021-37964", "MS:CVE-2021-37976", "MS:CVE-2021-37971"]}, {"type": "threatpost", "idList": ["THREATPOST:C6B47B678F2F0E21955D4053DE13FA64"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "thn", "idList": ["THN:6A9CD6F085628D08978727C0FF597535", "THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:73EAE8A2825E9B6764F314122B4E5F25"]}], "modified": "2021-10-12T23:37:14", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-10-12T23:37:14", "rev": 2}}, "objectVersion": "1.6", "pluginID": "154006", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1339-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154006);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\n \"CVE-2021-37956\",\n \"CVE-2021-37957\",\n \"CVE-2021-37958\",\n \"CVE-2021-37959\",\n \"CVE-2021-37960\",\n \"CVE-2021-37961\",\n \"CVE-2021-37962\",\n \"CVE-2021-37963\",\n \"CVE-2021-37964\",\n \"CVE-2021-37965\",\n \"CVE-2021-37966\",\n \"CVE-2021-37967\",\n \"CVE-2021-37968\",\n \"CVE-2021-37969\",\n \"CVE-2021-37970\",\n \"CVE-2021-37971\",\n \"CVE-2021-37972\",\n \"CVE-2021-37973\",\n \"CVE-2021-37974\",\n \"CVE-2021-37975\",\n \"CVE-2021-37976\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1339-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1339-1 advisory.\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker\n who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a\n user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\n - : Inappropriate implementation in Blink graphics. (CVE-2021-37960)\n\n - Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37961)\n\n - Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who\n had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37962)\n\n - Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote\n attacker to bypass site isolation via a crafted HTML page. (CVE-2021-37963)\n\n - Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54\n allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation\n attack via a crafted ONC file. (CVE-2021-37964)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-37965, CVE-2021-37968)\n\n - Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a\n remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37966)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a\n remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML\n page. (CVE-2021-37967)\n\n - Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to perform local privilege escalation via a crafted file. (CVE-2021-37969)\n\n - Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37970)\n\n - Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker\n to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37971)\n\n - Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37972)\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37974)\n\n - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37975)\n\n - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to\n obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191204\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GDJ2M5H37726GXT3YZBJRSXV3JYGN7CL/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d6c232f4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37976\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37975\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-94.0.4606.71-bp153.2.31.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-94.0.4606.71-bp153.2.31.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-94.0.4606.71-bp153.2.31.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-94.0.4606.71-bp153.2.31.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "solution": "Update the affected chromedriver and / or chromium packages.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37975", "vpr": {"risk factor": "Critical", "score": "9.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-10-11T00:00:00", "vulnerabilityPublicationDate": "2021-09-21T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-12T23:37:14", "differentElements": ["vpr"], "edition": 1}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1358-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "freebsd", "idList": ["B6C875F1-1D76-11EC-AE80-704D7B472482", "777EDBBE-2230-11EC-8869-704D7B472482", "3551E106-1B17-11EC-A8A7-704D7B472482"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12298", "KLA12294"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_38.NASL", "OPENSUSE-2021-1350.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "FREEBSD_PKG_777EDBBE223011EC8869704D7B472482.NASL", "GOOGLE_CHROME_94_0_4606_71.NASL", "OPENSUSE-2021-1358.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "GOOGLE_CHROME_94_0_4606_54.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "FREEBSD_PKG_3551E1061B1711ECA8A7704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_71.NASL", "FEDORA_2021-116EFF380F.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "701368.PASL"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:B97503020A86", "FEDORA:4CD8430AA7AD", "FEDORA:1C5A430C4EB3", "FEDORA:BE52E30CCCAA"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37956", "UB:CVE-2021-37968", "UB:CVE-2021-37967", "UB:CVE-2021-37971", "UB:CVE-2021-37963", "UB:CVE-2021-37972", "UB:CVE-2021-37958", "UB:CVE-2021-37957", "UB:CVE-2021-37961", "UB:CVE-2021-37966", "UB:CVE-2021-37964", "UB:CVE-2021-37975", "UB:CVE-2021-37973", "UB:CVE-2021-37959", "UB:CVE-2021-37960", "UB:CVE-2021-37969", "UB:CVE-2021-37974", "UB:CVE-2021-37965", "UB:CVE-2021-37976", "UB:CVE-2021-37970", "UB:CVE-2021-37962"]}, {"type": "cve", "idList": ["CVE-2021-37963", "CVE-2021-37959", "CVE-2021-37968", "CVE-2021-37956", "CVE-2021-37962", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37972", "CVE-2021-37957", "CVE-2021-37973", "CVE-2021-37974", "CVE-2021-37971", "CVE-2021-37970", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37961", "CVE-2021-37967", "CVE-2021-37958", "CVE-2021-37969", "CVE-2021-37964"]}, {"type": "attackerkb", "idList": ["AKB:D986B627-DA84-4C1B-8D20-5ADF751B05BF", "AKB:D35B77A1-B787-4DAD-A906-5CA8A79C2F30", "AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-37972"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37972", "MS:CVE-2021-37960", "MS:CVE-2021-37969", "MS:CVE-2021-37975", "MS:CVE-2021-37957", "MS:CVE-2021-37956", "MS:CVE-2021-37958", "MS:CVE-2021-37965", "MS:CVE-2021-37966", "MS:CVE-2021-37968", "MS:CVE-2021-37971", "MS:CVE-2021-37967", "MS:CVE-2021-37973", "MS:CVE-2021-37974", "MS:CVE-2021-37976", "MS:CVE-2021-37963", "MS:CVE-2021-37959", "MS:CVE-2021-37970", "MS:CVE-2021-37964", "MS:CVE-2021-37961", "MS:CVE-2021-37962"]}, {"type": "threatpost", "idList": ["THREATPOST:C6B47B678F2F0E21955D4053DE13FA64"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "thn", "idList": ["THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}], "modified": "2021-10-18T11:35:48", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-10-18T11:35:48", "rev": 2}}, "objectVersion": "1.6", "pluginID": "154006", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1339-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154006);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\n \"CVE-2021-37956\",\n \"CVE-2021-37957\",\n \"CVE-2021-37958\",\n \"CVE-2021-37959\",\n \"CVE-2021-37960\",\n \"CVE-2021-37961\",\n \"CVE-2021-37962\",\n \"CVE-2021-37963\",\n \"CVE-2021-37964\",\n \"CVE-2021-37965\",\n \"CVE-2021-37966\",\n \"CVE-2021-37967\",\n \"CVE-2021-37968\",\n \"CVE-2021-37969\",\n \"CVE-2021-37970\",\n \"CVE-2021-37971\",\n \"CVE-2021-37972\",\n \"CVE-2021-37973\",\n \"CVE-2021-37974\",\n \"CVE-2021-37975\",\n \"CVE-2021-37976\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1339-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1339-1 advisory.\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker\n who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a\n user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\n - : Inappropriate implementation in Blink graphics. (CVE-2021-37960)\n\n - Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37961)\n\n - Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who\n had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37962)\n\n - Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote\n attacker to bypass site isolation via a crafted HTML page. (CVE-2021-37963)\n\n - Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54\n allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation\n attack via a crafted ONC file. (CVE-2021-37964)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-37965, CVE-2021-37968)\n\n - Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a\n remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37966)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a\n remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML\n page. (CVE-2021-37967)\n\n - Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to perform local privilege escalation via a crafted file. (CVE-2021-37969)\n\n - Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37970)\n\n - Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker\n to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37971)\n\n - Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37972)\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37974)\n\n - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37975)\n\n - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to\n obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191204\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GDJ2M5H37726GXT3YZBJRSXV3JYGN7CL/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d6c232f4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37976\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37975\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-94.0.4606.71-bp153.2.31.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-94.0.4606.71-bp153.2.31.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-94.0.4606.71-bp153.2.31.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-94.0.4606.71-bp153.2.31.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "solution": "Update the affected chromedriver and / or chromium packages.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2021-37975", "vpr": {"risk factor": "Critical", "score": "10"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-10-11T00:00:00", "vulnerabilityPublicationDate": "2021-09-21T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.nessus.NessusBulletin", "robots.models.base.Bulletin"]}, {"id": "OPENSUSE-2021-1350.NASL", "hash": "d24f0f4acde4bcf6a2c12e364cda90e1", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1350-1)", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1350-1 advisory.\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\n - : Inappropriate implementation in Blink graphics. (CVE-2021-37960)\n\n - Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37961)\n\n - Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37962)\n\n - Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. (CVE-2021-37963)\n\n - Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file. (CVE-2021-37964)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-37965, CVE-2021-37968)\n\n - Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37966)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (CVE-2021-37967)\n\n - Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. (CVE-2021-37969)\n\n - Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37970)\n\n - Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37971)\n\n - Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37972)\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37974)\n\n - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37975)\n\n - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976)\n\n - : Use after free in Garbage Collection. (CVE-2021-37977)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. (CVE-2021-37978)\n\n - : Heap buffer overflow in WebRTC. (CVE-2021-37979)\n\n - : Inappropriate implementation in Sandbox. (CVE-2021-37980)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-10-13T00:00:00", "modified": "2021-10-15T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/154079", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37957", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37959", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37977", "https://www.suse.com/security/cve/CVE-2021-37975", "https://www.suse.com/security/cve/CVE-2021-37957", "https://www.suse.com/security/cve/CVE-2021-37958", "https://www.suse.com/security/cve/CVE-2021-37965", "https://www.suse.com/security/cve/CVE-2021-37978", "https://www.suse.com/security/cve/CVE-2021-37979", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37966", "https://www.suse.com/security/cve/CVE-2021-37976", "https://www.suse.com/security/cve/CVE-2021-37960", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37975", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37963", "https://www.suse.com/security/cve/CVE-2021-37970", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37967", "https://bugzilla.suse.com/1191166", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37979", "https://www.suse.com/security/cve/CVE-2021-37959", "http://www.nessus.org/u?ba7d1788", "https://www.suse.com/security/cve/CVE-2021-37964", "https://www.suse.com/security/cve/CVE-2021-37974", "https://www.suse.com/security/cve/CVE-2021-37972", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37974", "https://www.suse.com/security/cve/CVE-2021-37963", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37970", "https://www.suse.com/security/cve/CVE-2021-37973", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37976", "https://www.suse.com/security/cve/CVE-2021-37971", "https://bugzilla.suse.com/1190765", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37968", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37962", "https://bugzilla.suse.com/1191463", "https://bugzilla.suse.com/1191204", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37956", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37958", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37960", "https://www.suse.com/security/cve/CVE-2021-37968", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37978", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://www.suse.com/security/cve/CVE-2021-37980", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37972", "https://www.suse.com/security/cve/CVE-2021-37977", "https://www.suse.com/security/cve/CVE-2021-37969", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37961", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37965", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37969", "https://www.suse.com/security/cve/CVE-2021-37956", "https://www.suse.com/security/cve/CVE-2021-37966", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37980", "https://www.suse.com/security/cve/CVE-2021-37961", "https://www.suse.com/security/cve/CVE-2021-37962", "https://www.suse.com/security/cve/CVE-2021-37967"], "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973", "CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37980"], "immutableFields": [], "lastseen": "2021-10-18T11:35:21", "history": [{"bulletin": {"id": "OPENSUSE-2021-1350.NASL", "hash": "0ffd998ce806310f72ffd370a6b50cf9", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1350-1)", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1350-1 advisory.\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\n - : Inappropriate implementation in Blink graphics. (CVE-2021-37960)\n\n - Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37961)\n\n - Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37962)\n\n - Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. (CVE-2021-37963)\n\n - Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file. (CVE-2021-37964)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-37965, CVE-2021-37968)\n\n - Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37966)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (CVE-2021-37967)\n\n - Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. (CVE-2021-37969)\n\n - Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37970)\n\n - Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37971)\n\n - Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37972)\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37974)\n\n - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37975)\n\n - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976)\n\n - : Use after free in Garbage Collection. (CVE-2021-37977)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. (CVE-2021-37978)\n\n - : Heap buffer overflow in WebRTC. (CVE-2021-37979)\n\n - : Inappropriate implementation in Sandbox. (CVE-2021-37980)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-10-13T00:00:00", "modified": "2021-10-13T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/154079", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.suse.com/security/cve/CVE-2021-37976", "https://www.suse.com/security/cve/CVE-2021-37972", "https://www.suse.com/security/cve/CVE-2021-37974", "https://www.suse.com/security/cve/CVE-2021-37980", "https://www.suse.com/security/cve/CVE-2021-37956", "https://www.suse.com/security/cve/CVE-2021-37964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37963", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://www.suse.com/security/cve/CVE-2021-37959", "https://www.suse.com/security/cve/CVE-2021-37971", "https://www.suse.com/security/cve/CVE-2021-37966", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37972", "https://www.suse.com/security/cve/CVE-2021-37969", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37969", "https://bugzilla.suse.com/1191463", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37959", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37976", "https://bugzilla.suse.com/1190765", "https://bugzilla.suse.com/1191204", "https://www.suse.com/security/cve/CVE-2021-37967", "https://www.suse.com/security/cve/CVE-2021-37970", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37967", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37968", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37975", "https://www.suse.com/security/cve/CVE-2021-37961", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37957", "https://www.suse.com/security/cve/CVE-2021-37960", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37962", "https://www.suse.com/security/cve/CVE-2021-37957", "https://www.suse.com/security/cve/CVE-2021-37968", "https://www.suse.com/security/cve/CVE-2021-37978", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37964", "https://www.suse.com/security/cve/CVE-2021-37973", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37958", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37974", "http://www.nessus.org/u?ba7d1788", "https://www.suse.com/security/cve/CVE-2021-37962", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37970", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37980", "https://www.suse.com/security/cve/CVE-2021-37958", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37960", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37977", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37979", "https://www.suse.com/security/cve/CVE-2021-37977", "https://www.suse.com/security/cve/CVE-2021-37965", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37978", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37956", "https://bugzilla.suse.com/1191166", "https://www.suse.com/security/cve/CVE-2021-37979", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37965", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37966", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37971", "https://www.suse.com/security/cve/CVE-2021-37963", "https://www.suse.com/security/cve/CVE-2021-37975", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37961"], "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973", "CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37980"], "immutableFields": [], "lastseen": "2021-10-14T12:03:27", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "suse", "idList": ["OPENSUSE-SU-2021:1350-1", "OPENSUSE-SU-2021:1339-1"]}, {"type": "nessus", "idList": ["GOOGLE_CHROME_94_0_4606_54.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "OPENSUSE-2021-1339.NASL", "GOOGLE_CHROME_94_0_4606_71.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_38.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "FREEBSD_PKG_3551E1061B1711ECA8A7704D7B472482.NASL", "FREEBSD_PKG_7D3D94D3281011EC9C513065EC8FD3EC.NASL", "701368.PASL", "GOOGLE_CHROME_94_0_4606_81.NASL", "FREEBSD_PKG_777EDBBE223011EC8869704D7B472482.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_47.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_71.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_81.NASL"]}, {"type": "freebsd", "idList": ["777EDBBE-2230-11EC-8869-704D7B472482", "3551E106-1B17-11EC-A8A7-704D7B472482", "7D3D94D3-2810-11EC-9C51-3065EC8FD3EC"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12294", "KLA12298"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:1C5A430C4EB3", "FEDORA:B97503020A86", "FEDORA:4CD8430AA7AD"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37971", "UB:CVE-2021-37976", "UB:CVE-2021-37967", "UB:CVE-2021-37974", "UB:CVE-2021-37958", "UB:CVE-2021-37964", "UB:CVE-2021-37966", "UB:CVE-2021-37977", "UB:CVE-2021-37978", "UB:CVE-2021-37959", "UB:CVE-2021-37965", "UB:CVE-2021-37963", "UB:CVE-2021-37957", "UB:CVE-2021-37961", "UB:CVE-2021-37972", "UB:CVE-2021-37973", "UB:CVE-2021-37962", "UB:CVE-2021-37979", "UB:CVE-2021-37960", "UB:CVE-2021-37980", "UB:CVE-2021-37968", "UB:CVE-2021-37956", "UB:CVE-2021-37969", "UB:CVE-2021-37975", "UB:CVE-2021-37970"]}, {"type": "cve", "idList": ["CVE-2021-37957", "CVE-2021-37970", "CVE-2021-37973", "CVE-2021-37961", "CVE-2021-37956", "CVE-2021-37964", "CVE-2021-37972", "CVE-2021-37976", "CVE-2021-37968", "CVE-2021-37974", "CVE-2021-37962", "CVE-2021-37958", "CVE-2021-37969", "CVE-2021-37959", "CVE-2021-37975", "CVE-2021-37963", "CVE-2021-37971", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37965"]}, {"type": "attackerkb", "idList": ["AKB:D986B627-DA84-4C1B-8D20-5ADF751B05BF", "AKB:D35B77A1-B787-4DAD-A906-5CA8A79C2F30", "AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-37972"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37969", "MS:CVE-2021-37966", "MS:CVE-2021-37965", "MS:CVE-2021-37975", "MS:CVE-2021-37963", "MS:CVE-2021-37967", "MS:CVE-2021-37956", "MS:CVE-2021-37974", "MS:CVE-2021-37973", "MS:CVE-2021-37959", "MS:CVE-2021-37958", "MS:CVE-2021-37957", "MS:CVE-2021-37968", "MS:CVE-2021-37972", "MS:CVE-2021-37961", "MS:CVE-2021-37970", "MS:CVE-2021-37962", "MS:CVE-2021-37960", "MS:CVE-2021-37964", "MS:CVE-2021-37976", "MS:CVE-2021-37971"]}, {"type": "threatpost", "idList": ["THREATPOST:C6B47B678F2F0E21955D4053DE13FA64"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}], "modified": "2021-10-14T12:03:27", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-10-14T12:03:27", "rev": 2}}, "objectVersion": "1.6", "pluginID": "154079", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1350-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154079);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/13\");\n\n script_cve_id(\n \"CVE-2021-37956\",\n \"CVE-2021-37957\",\n \"CVE-2021-37958\",\n \"CVE-2021-37959\",\n \"CVE-2021-37960\",\n \"CVE-2021-37961\",\n \"CVE-2021-37962\",\n \"CVE-2021-37963\",\n \"CVE-2021-37964\",\n \"CVE-2021-37965\",\n \"CVE-2021-37966\",\n \"CVE-2021-37967\",\n \"CVE-2021-37968\",\n \"CVE-2021-37969\",\n \"CVE-2021-37970\",\n \"CVE-2021-37971\",\n \"CVE-2021-37972\",\n \"CVE-2021-37973\",\n \"CVE-2021-37974\",\n \"CVE-2021-37975\",\n \"CVE-2021-37976\",\n \"CVE-2021-37977\",\n \"CVE-2021-37978\",\n \"CVE-2021-37979\",\n \"CVE-2021-37980\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0449\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1350-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1350-1 advisory.\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker\n who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a\n user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\n - : Inappropriate implementation in Blink graphics. (CVE-2021-37960)\n\n - Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37961)\n\n - Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who\n had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37962)\n\n - Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote\n attacker to bypass site isolation via a crafted HTML page. (CVE-2021-37963)\n\n - Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54\n allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation\n attack via a crafted ONC file. (CVE-2021-37964)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-37965, CVE-2021-37968)\n\n - Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a\n remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37966)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a\n remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML\n page. (CVE-2021-37967)\n\n - Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to perform local privilege escalation via a crafted file. (CVE-2021-37969)\n\n - Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37970)\n\n - Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker\n to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37971)\n\n - Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37972)\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37974)\n\n - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37975)\n\n - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to\n obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976)\n\n - : Use after free in Garbage Collection. (CVE-2021-37977)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this\n vulnerability. Please see Google Chrome Releases for more information. (CVE-2021-37978)\n\n - : Heap buffer overflow in WebRTC. (CVE-2021-37979)\n\n - : Inappropriate implementation in Sandbox. (CVE-2021-37980)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191463\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ba7d1788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37980\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37957\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-94.0.4606.81-lp152.2.132.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-94.0.4606.81-lp152.2.132.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.2"], "solution": "Update the affected chromedriver and / or chromium packages.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-37957", "vpr": {"risk factor": "Critical", "score": "9.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-10-12T00:00:00", "vulnerabilityPublicationDate": "2021-09-21T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-14T12:03:27", "differentElements": ["modified", "sourceData"], "edition": 1}, {"bulletin": {"id": "OPENSUSE-2021-1350.NASL", "hash": "7dcb6ef9e294bae698dc90b905afff39", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1350-1)", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1350-1 advisory.\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\n - : Inappropriate implementation in Blink graphics. (CVE-2021-37960)\n\n - Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37961)\n\n - Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37962)\n\n - Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. (CVE-2021-37963)\n\n - Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file. (CVE-2021-37964)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-37965, CVE-2021-37968)\n\n - Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37966)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (CVE-2021-37967)\n\n - Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. (CVE-2021-37969)\n\n - Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37970)\n\n - Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37971)\n\n - Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37972)\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37974)\n\n - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37975)\n\n - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976)\n\n - : Use after free in Garbage Collection. (CVE-2021-37977)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. (CVE-2021-37978)\n\n - : Heap buffer overflow in WebRTC. (CVE-2021-37979)\n\n - : Inappropriate implementation in Sandbox. (CVE-2021-37980)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-10-13T00:00:00", "modified": "2021-10-15T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/154079", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.suse.com/1191204", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37972", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37977", "https://bugzilla.suse.com/1191463", "https://www.suse.com/security/cve/CVE-2021-37956", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37968", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37960", "https://www.suse.com/security/cve/CVE-2021-37966", "https://www.suse.com/security/cve/CVE-2021-37957", "https://www.suse.com/security/cve/CVE-2021-37969", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37962", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37978", "https://www.suse.com/security/cve/CVE-2021-37964", "https://bugzilla.suse.com/1191166", "https://www.suse.com/security/cve/CVE-2021-37980", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37975", "https://www.suse.com/security/cve/CVE-2021-37959", "https://www.suse.com/security/cve/CVE-2021-37963", "https://www.suse.com/security/cve/CVE-2021-37961", "https://www.suse.com/security/cve/CVE-2021-37970", "https://bugzilla.suse.com/1190765", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37959", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37976", "https://www.suse.com/security/cve/CVE-2021-37974", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37963", "https://www.suse.com/security/cve/CVE-2021-37979", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37961", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37964", "https://www.suse.com/security/cve/CVE-2021-37967", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37970", "https://www.suse.com/security/cve/CVE-2021-37975", "https://www.suse.com/security/cve/CVE-2021-37965", "https://www.suse.com/security/cve/CVE-2021-37978", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37969", "https://www.suse.com/security/cve/CVE-2021-37968", "https://www.suse.com/security/cve/CVE-2021-37976", "https://www.suse.com/security/cve/CVE-2021-37960", "https://www.suse.com/security/cve/CVE-2021-37958", "https://www.suse.com/security/cve/CVE-2021-37972", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37966", "https://www.suse.com/security/cve/CVE-2021-37977", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37956", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37965", "https://www.suse.com/security/cve/CVE-2021-37973", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37957", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37958", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37979", "https://www.suse.com/security/cve/CVE-2021-37962", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37967", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37974", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37980", "http://www.nessus.org/u?ba7d1788", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973", "https://www.suse.com/security/cve/CVE-2021-37971"], "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973", "CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37980"], "immutableFields": [], "lastseen": "2021-10-15T23:53:11", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "suse", "idList": ["OPENSUSE-SU-2021:1350-1", "OPENSUSE-SU-2021:1339-1"]}, {"type": "nessus", "idList": ["GOOGLE_CHROME_94_0_4606_54.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "OPENSUSE-2021-1339.NASL", "GOOGLE_CHROME_94_0_4606_71.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_38.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "FREEBSD_PKG_3551E1061B1711ECA8A7704D7B472482.NASL", "FREEBSD_PKG_7D3D94D3281011EC9C513065EC8FD3EC.NASL", "701368.PASL", "GOOGLE_CHROME_94_0_4606_81.NASL", "FREEBSD_PKG_777EDBBE223011EC8869704D7B472482.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_47.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_71.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_81.NASL"]}, {"type": "freebsd", "idList": ["777EDBBE-2230-11EC-8869-704D7B472482", "3551E106-1B17-11EC-A8A7-704D7B472482", "7D3D94D3-2810-11EC-9C51-3065EC8FD3EC"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12294", "KLA12298"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:1C5A430C4EB3", "FEDORA:B97503020A86", "FEDORA:4CD8430AA7AD"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37971", "UB:CVE-2021-37976", "UB:CVE-2021-37967", "UB:CVE-2021-37974", "UB:CVE-2021-37958", "UB:CVE-2021-37964", "UB:CVE-2021-37966", "UB:CVE-2021-37977", "UB:CVE-2021-37978", "UB:CVE-2021-37959", "UB:CVE-2021-37965", "UB:CVE-2021-37963", "UB:CVE-2021-37957", "UB:CVE-2021-37961", "UB:CVE-2021-37972", "UB:CVE-2021-37973", "UB:CVE-2021-37962", "UB:CVE-2021-37979", "UB:CVE-2021-37960", "UB:CVE-2021-37980", "UB:CVE-2021-37968", "UB:CVE-2021-37956", "UB:CVE-2021-37969", "UB:CVE-2021-37975", "UB:CVE-2021-37970"]}, {"type": "cve", "idList": ["CVE-2021-37957", "CVE-2021-37970", "CVE-2021-37973", "CVE-2021-37961", "CVE-2021-37956", "CVE-2021-37964", "CVE-2021-37972", "CVE-2021-37976", "CVE-2021-37968", "CVE-2021-37974", "CVE-2021-37962", "CVE-2021-37958", "CVE-2021-37969", "CVE-2021-37959", "CVE-2021-37975", "CVE-2021-37963", "CVE-2021-37971", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37965"]}, {"type": "attackerkb", "idList": ["AKB:D986B627-DA84-4C1B-8D20-5ADF751B05BF", "AKB:D35B77A1-B787-4DAD-A906-5CA8A79C2F30", "AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-37972"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37969", "MS:CVE-2021-37966", "MS:CVE-2021-37965", "MS:CVE-2021-37975", "MS:CVE-2021-37963", "MS:CVE-2021-37967", "MS:CVE-2021-37956", "MS:CVE-2021-37974", "MS:CVE-2021-37973", "MS:CVE-2021-37959", "MS:CVE-2021-37958", "MS:CVE-2021-37957", "MS:CVE-2021-37968", "MS:CVE-2021-37972", "MS:CVE-2021-37961", "MS:CVE-2021-37970", "MS:CVE-2021-37962", "MS:CVE-2021-37960", "MS:CVE-2021-37964", "MS:CVE-2021-37976", "MS:CVE-2021-37971"]}, {"type": "threatpost", "idList": ["THREATPOST:C6B47B678F2F0E21955D4053DE13FA64"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}], "modified": "2021-10-14T12:03:27", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-10-14T12:03:27", "rev": 2}}, "objectVersion": "1.6", "pluginID": "154079", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1350-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154079);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/15\");\n\n script_cve_id(\n \"CVE-2021-37956\",\n \"CVE-2021-37957\",\n \"CVE-2021-37958\",\n \"CVE-2021-37959\",\n \"CVE-2021-37960\",\n \"CVE-2021-37961\",\n \"CVE-2021-37962\",\n \"CVE-2021-37963\",\n \"CVE-2021-37964\",\n \"CVE-2021-37965\",\n \"CVE-2021-37966\",\n \"CVE-2021-37967\",\n \"CVE-2021-37968\",\n \"CVE-2021-37969\",\n \"CVE-2021-37970\",\n \"CVE-2021-37971\",\n \"CVE-2021-37972\",\n \"CVE-2021-37973\",\n \"CVE-2021-37974\",\n \"CVE-2021-37975\",\n \"CVE-2021-37976\",\n \"CVE-2021-37977\",\n \"CVE-2021-37978\",\n \"CVE-2021-37979\",\n \"CVE-2021-37980\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0449\");\n script_xref(name:\"IAVA\", value:\"2021-A-0459-S\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1350-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1350-1 advisory.\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker\n who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a\n user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\n - : Inappropriate implementation in Blink graphics. (CVE-2021-37960)\n\n - Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37961)\n\n - Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who\n had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37962)\n\n - Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote\n attacker to bypass site isolation via a crafted HTML page. (CVE-2021-37963)\n\n - Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54\n allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation\n attack via a crafted ONC file. (CVE-2021-37964)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-37965, CVE-2021-37968)\n\n - Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a\n remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37966)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a\n remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML\n page. (CVE-2021-37967)\n\n - Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to perform local privilege escalation via a crafted file. (CVE-2021-37969)\n\n - Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37970)\n\n - Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker\n to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37971)\n\n - Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37972)\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37974)\n\n - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37975)\n\n - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to\n obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976)\n\n - : Use after free in Garbage Collection. (CVE-2021-37977)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this\n vulnerability. Please see Google Chrome Releases for more information. (CVE-2021-37978)\n\n - : Heap buffer overflow in WebRTC. (CVE-2021-37979)\n\n - : Inappropriate implementation in Sandbox. (CVE-2021-37980)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191463\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ba7d1788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37980\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37957\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-94.0.4606.81-lp152.2.132.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-94.0.4606.81-lp152.2.132.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.2"], "solution": "Update the affected chromedriver and / or chromium packages.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-37957", "vpr": {"risk factor": "Critical", "score": "9.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-10-12T00:00:00", "vulnerabilityPublicationDate": "2021-09-21T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-15T23:53:11", "differentElements": ["vpr"], "edition": 2}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "suse", "idList": ["OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1358-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_38.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_81.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "GOOGLE_CHROME_94_0_4606_71.NASL", "FREEBSD_PKG_777EDBBE223011EC8869704D7B472482.NASL", "OPENSUSE-2021-1358.NASL", "GOOGLE_CHROME_94_0_4606_54.NASL", "OPENSUSE-2021-1339.NASL", "FREEBSD_PKG_3551E1061B1711ECA8A7704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_71.NASL", "GOOGLE_CHROME_94_0_4606_81.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_47.NASL", "FEDORA_2021-116EFF380F.NASL", "FREEBSD_PKG_7D3D94D3281011EC9C513065EC8FD3EC.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "701368.PASL"]}, {"type": "freebsd", "idList": ["777EDBBE-2230-11EC-8869-704D7B472482", "3551E106-1B17-11EC-A8A7-704D7B472482", "7D3D94D3-2810-11EC-9C51-3065EC8FD3EC"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12294"]}, {"type": "fedora", "idList": ["FEDORA:E043930AE6E8", "FEDORA:BE52E30CCCAA", "FEDORA:4CD8430AA7AD", "FEDORA:1C5A430C4EB3"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37956", "UB:CVE-2021-37968", "UB:CVE-2021-37967", "UB:CVE-2021-37971", "UB:CVE-2021-37963", "UB:CVE-2021-37972", "UB:CVE-2021-37958", "UB:CVE-2021-37957", "UB:CVE-2021-37961", "UB:CVE-2021-37979", "UB:CVE-2021-37966", "UB:CVE-2021-37964", "UB:CVE-2021-37980", "UB:CVE-2021-37975", "UB:CVE-2021-37978", "UB:CVE-2021-37973", "UB:CVE-2021-37959", "UB:CVE-2021-37960", "UB:CVE-2021-37969", "UB:CVE-2021-37977", "UB:CVE-2021-37974", "UB:CVE-2021-37965", "UB:CVE-2021-37976", "UB:CVE-2021-37970", "UB:CVE-2021-37962"]}, {"type": "cve", "idList": ["CVE-2021-37963", "CVE-2021-37959", "CVE-2021-37968", "CVE-2021-37956", "CVE-2021-37962", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37972", "CVE-2021-37957", "CVE-2021-37973", "CVE-2021-37974", "CVE-2021-37971", "CVE-2021-37970", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37961", "CVE-2021-37967", "CVE-2021-37958", "CVE-2021-37969", "CVE-2021-37964"]}, {"type": "attackerkb", "idList": ["AKB:D986B627-DA84-4C1B-8D20-5ADF751B05BF", "AKB:D35B77A1-B787-4DAD-A906-5CA8A79C2F30", "AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-37972"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37972", "MS:CVE-2021-37960", "MS:CVE-2021-37969", "MS:CVE-2021-37975", "MS:CVE-2021-37957", "MS:CVE-2021-37956", "MS:CVE-2021-37958", "MS:CVE-2021-37965", "MS:CVE-2021-37966", "MS:CVE-2021-37968", "MS:CVE-2021-37971", "MS:CVE-2021-37967", "MS:CVE-2021-37973", "MS:CVE-2021-37974", "MS:CVE-2021-37976", "MS:CVE-2021-37963", "MS:CVE-2021-37959", "MS:CVE-2021-37970", "MS:CVE-2021-37964", "MS:CVE-2021-37961", "MS:CVE-2021-37962"]}, {"type": "threatpost", "idList": ["THREATPOST:C6B47B678F2F0E21955D4053DE13FA64"]}], "modified": "2021-10-18T11:35:21", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-10-18T11:35:21", "rev": 2}}, "objectVersion": "1.6", "pluginID": "154079", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1350-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154079);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/15\");\n\n script_cve_id(\n \"CVE-2021-37956\",\n \"CVE-2021-37957\",\n \"CVE-2021-37958\",\n \"CVE-2021-37959\",\n \"CVE-2021-37960\",\n \"CVE-2021-37961\",\n \"CVE-2021-37962\",\n \"CVE-2021-37963\",\n \"CVE-2021-37964\",\n \"CVE-2021-37965\",\n \"CVE-2021-37966\",\n \"CVE-2021-37967\",\n \"CVE-2021-37968\",\n \"CVE-2021-37969\",\n \"CVE-2021-37970\",\n \"CVE-2021-37971\",\n \"CVE-2021-37972\",\n \"CVE-2021-37973\",\n \"CVE-2021-37974\",\n \"CVE-2021-37975\",\n \"CVE-2021-37976\",\n \"CVE-2021-37977\",\n \"CVE-2021-37978\",\n \"CVE-2021-37979\",\n \"CVE-2021-37980\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0449\");\n script_xref(name:\"IAVA\", value:\"2021-A-0459-S\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1350-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1350-1 advisory.\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker\n who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a\n user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\n - : Inappropriate implementation in Blink graphics. (CVE-2021-37960)\n\n - Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37961)\n\n - Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who\n had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37962)\n\n - Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote\n attacker to bypass site isolation via a crafted HTML page. (CVE-2021-37963)\n\n - Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54\n allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation\n attack via a crafted ONC file. (CVE-2021-37964)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-37965, CVE-2021-37968)\n\n - Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a\n remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37966)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a\n remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML\n page. (CVE-2021-37967)\n\n - Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to perform local privilege escalation via a crafted file. (CVE-2021-37969)\n\n - Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37970)\n\n - Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker\n to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37971)\n\n - Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37972)\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37974)\n\n - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37975)\n\n - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to\n obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976)\n\n - : Use after free in Garbage Collection. (CVE-2021-37977)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this\n vulnerability. Please see Google Chrome Releases for more information. (CVE-2021-37978)\n\n - : Heap buffer overflow in WebRTC. (CVE-2021-37979)\n\n - : Inappropriate implementation in Sandbox. (CVE-2021-37980)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191463\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ba7d1788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37980\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37957\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-94.0.4606.81-lp152.2.132.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-94.0.4606.81-lp152.2.132.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.2"], "solution": "Update the affected chromedriver and / or chromium packages.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-37957", "vpr": {"risk factor": "Critical", "score": "10"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-10-12T00:00:00", "vulnerabilityPublicationDate": "2021-09-21T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.nessus.NessusBulletin", "robots.models.base.Bulletin"]}], "thn": [{"id": "THN:6A9CD6F085628D08978727C0FF597535", "hash": "7f8f0416edcbf5ad4f31275e39a1001b", "type": "thn", "bulletinFamily": "info", "title": "Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability", "description": "[](<https://thehackernews.com/images/-EBTuV2RF5wo/YU6_b4n3Y4I/AAAAAAAAD5w/Rv4cfNWgTzsitUR4O-m9Hoo5Jsb-IyxJACLcBGAsYHQ/s0/chrome-update.jpg>)\n\nGoogle on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that's known to have an exploit in the wild.\n\nTracked as [CVE-2021-37973](<https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html>), the vulnerability has been described as [use after free](<https://cwe.mitre.org/data/definitions/416.html>) in [Portals API](<https://web.dev/hands-on-portals/>), a web page navigation system that enables a page to show another page as an inset and \"perform a seamless transition to a new state, where the formerly-inset page becomes the top-level document.\"\n\nCl\u00e9ment Lecigne of Google Threat Analysis Group (TAG) has been credited with reporting the flaw. Additional specifics pertaining to the weakness have not been disclosed in light of active exploitation and to allow a majority of the users to apply the patch, but the internet giant said it's \"aware that an exploit for CVE-2021-37973 exists in the wild.\"\n\nThe update arrives a day after Apple moved to close an actively exploited security hole in older versions of iOS and macOS ([CVE-2021-30869](<https://thehackernews.com/2021/09/urgent-apple-ios-and-macos-updates.html>)), which the TAG noted as being \"used in conjunction with a N-day remote code execution targeting WebKit.\" With the latest fix, Google has addressed a total of [12 zero-day flaws in Chrome](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) since the start of 2021:\n\n * [CVE-2021-21148](<https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html>) \\- Heap buffer overflow in V8\n * [CVE-2021-21166](<https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html>) \\- Object recycle issue in audio\n * [CVE-2021-21193](<https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html>) \\- Use-after-free in Blink\n * [CVE-2021-21206](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Use-after-free in Blink\n * [CVE-2021-21220](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Insufficient validation of untrusted input in V8 for x86_64\n * [CVE-2021-21224](<https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html>) \\- Type confusion in V8\n * [CVE-2021-30551](<https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html>) \\- Type confusion in V8\n * [CVE-2021-30554](<https://thehackernews.com/2021/06/update-your-chrome-browser-to-patch-yet.html>) \\- Use-after-free in WebGL\n * [CVE-2021-30563](<https://thehackernews.com/2021/07/update-your-chrome-browser-to-patch-new.html>) \\- Type confusion in V8\n * [CVE-2021-30632](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) \\- Out of bounds write in V8\n * [CVE-2021-30633](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) \\- Use-after-free in Indexed DB API\n\nChrome users are advised to update to the latest version (94.0.4606.61) for Windows, Mac, and Linux by heading to Settings &gt; Help &gt; 'About Google Chrome' to mitigate the risk associated with the flaw.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "published": "2021-09-25T06:39:00", "modified": "2021-09-27T04:38:24", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://thehackernews.com/2021/09/urgent-chrome-update-released-to-patch.html", "reporter": "The Hacker News", "references": [], "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-30869", "CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-27T06:42:49", "history": [{"bulletin": {"id": "THN:6A9CD6F085628D08978727C0FF597535", "hash": "d1dfd935c18aa0e9592ac7d701e52feb", "type": "thn", "bulletinFamily": "info", "title": "Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability", "description": "[](<https://thehackernews.com/images/-EBTuV2RF5wo/YU6_b4n3Y4I/AAAAAAAAD5w/Rv4cfNWgTzsitUR4O-m9Hoo5Jsb-IyxJACLcBGAsYHQ/s0/chrome-update.jpg>)\n\nGoogle on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that's known to have an exploit in the wild.\n\nTracked as [CVE-2021-37973](<https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html>), the vulnerability has been described as [use after free](<https://cwe.mitre.org/data/definitions/416.html>) in [Portals API](<https://web.dev/hands-on-portals/>), a web page navigation system that enables a page to show another page as an inset and \"perform a seamless transition to a new state, where the formerly-inset page becomes the top-level document.\"\n\nCl\u00e9ment Lecigne of Google Threat Analysis Group (TAG) has been credited with reporting the flaw. Additional specifics pertaining to the weakness have not been disclosed in light of active exploitation and to allow a majority of the users to apply the patch, but the internet giant said it's \"aware that an exploit for CVE-2021-37973 exists in the wild.\"\n\nThe update arrives a day after Apple moved to close an actively exploited security hole in older versions of iOS and macOS ([CVE-2021-30869](<https://thehackernews.com/2021/09/urgent-apple-ios-and-macos-updates.html>)), which the TAG noted as being \"used in conjunction with a N-day remote code execution targeting WebKit.\" With the latest fix, Google has addressed a total of [12 zero-day flaws in Chrome](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) since the start of 2021:\n\n * [CVE-2021-21148](<https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html>) \\- Heap buffer overflow in V8\n * [CVE-2021-21166](<https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html>) \\- Object recycle issue in audio\n * [CVE-2021-21193](<https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html>) \\- Use-after-free in Blink\n * [CVE-2021-21206](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Use-after-free in Blink\n * [CVE-2021-21220](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Insufficient validation of untrusted input in V8 for x86_64\n * [CVE-2021-21224](<https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html>) \\- Type confusion in V8\n * [CVE-2021-30551](<https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html>) \\- Type confusion in V8\n * [CVE-2021-30554](<https://thehackernews.com/2021/06/update-your-chrome-browser-to-patch-yet.html>) \\- Use-after-free in WebGL\n * [CVE-2021-30563](<https://thehackernews.com/2021/07/update-your-chrome-browser-to-patch-new.html>) \\- Type confusion in V8\n * [CVE-2021-30632](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) \\- Out of bounds write in V8\n * [CVE-2021-30633](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) \\- Use after free in Indexed DB API\n\nChrome users are advised to update to the latest version (94.0.4606.61) for Windows, Mac, and Linux by heading to Settings &gt; Help &gt; 'About Google Chrome' to mitigate the risk associated with the flaw.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "published": "2021-09-25T06:39:00", "modified": "2021-09-25T06:39:22", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://thehackernews.com/2021/09/urgent-chrome-update-released-to-patch.html", "reporter": "The Hacker News", "references": [], "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-30869", "CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-09-25T06:52:27", "history": [], "viewCount": 57, "enchantments": {"dependencies": {"references": [{"type": "thn", "idList": ["THN:F197A729A4F49F957F9D5910875EBAAA", "THN:1A836FDDE57334BC4DAFA65E6DFA02E4", "THN:15BF409706D7240A5276C705732D745F", "THN:EF50BA60FF5E3EF9AF1570FF5A2589A0", "THN:BBBFDA7EEE18F813A5DA572FD390D528", "THN:FF8DAEC0AE0DDAE827D57407C51BE992", "THN:62ECC5B73032124D6559355B66E1C469", "THN:7D7C05739ECD847B8CDEEAF930C51BF8", "THN:CDCF433A7837180E1F294791C672C5BB", "THN:C736174C6B0ADC38AA88BC58F30271DA"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:AC714CB24C401F36B220E29C6D2B049F", "MALWAREBYTES:390E663F11CA04293C83488A40CB3A8A", "MALWAREBYTES:6F90B6DD790D455EDED4BE326079DA35"]}, {"type": "attackerkb", "idList": ["AKB:DFA61FBF-688B-44E9-8B09-134E93207AD9", "AKB:160D34D9-2175-4B27-87F8-0CED51121F50", "AKB:C300BC5A-FE8F-4274-AFA8-C1F47411FEC1", "AKB:51E88AF4-0A81-4B72-8855-34DF072124D9", "AKB:B61D2687-96CE-4CE9-939F-9E35DA7814C4"]}, {"type": "threatpost", "idList": ["THREATPOST:EA23582BD77C428ACE9B9DB7D5741EB6", "THREATPOST:88DD5812D3C8652E304F32507E4F68DD", "THREATPOST:CF9E25BD324C5940B0795721CA134155"]}, {"type": "cve", "idList": ["CVE-2021-21224", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-30869", "CVE-2021-21220", "CVE-2021-21166", "CVE-2021-30551", "CVE-2021-21148", "CVE-2021-30554", "CVE-2021-30563"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-30563", "UB:CVE-2021-21193", "UB:CVE-2021-21206", "UB:CVE-2021-30551", "UB:CVE-2021-21166", "UB:CVE-2021-30633", "UB:CVE-2021-21220", "UB:CVE-2021-30632", "UB:CVE-2021-30554", "UB:CVE-2021-21224", "UB:CVE-2021-21148"]}, {"type": "mscve", "idList": ["MS:CVE-2021-21148", "MS:CVE-2021-30632", "MS:CVE-2021-21220", "MS:CVE-2021-30563", "MS:CVE-2021-21224", "MS:CVE-2021-21206", "MS:CVE-2021-30551", "MS:CVE-2021-30633", "MS:CVE-2021-21193", "MS:CVE-2021-37973", "MS:CVE-2021-30554", "MS:CVE-2021-21166"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30563/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21206/", "MSF:ILITIES/SUSE-CVE-2021-21166/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30551/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-30554/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21166/"]}, {"type": "seebug", "idList": ["SSV:99217"]}, {"type": "kaspersky", "idList": ["KLA12179", "KLA12143", "KLA12136", "KLA12063", "KLA12062", "KLA12183"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_88_0_705_63.NASL", "MACOSX_GOOGLE_CHROME_89_0_4389_128.NASL", "GOOGLE_CHROME_89_0_4389_128.NASL", "OPENSUSE-2021-267.NASL", "OPENSUSE-2021-712.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "FREEBSD_PKG_7C0D71A99D4811EB97A0E09467587C17.NASL", "OPENSUSE-2021-567.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "701321.PASL", "FREEBSD_PKG_3E01AAD2680E11EB83E2E09467587C17.NASL", "MICROSOFT_EDGE_CHROMIUM_93_0_961_47.NASL", "OPENSUSE-2021-296.NASL", "GOOGLE_CHROME_88_0_4324_150.NASL", "MACOSX_GOOGLE_CHROME_88_0_4324_150.NASL", "701323.PASL", "MICROSOFT_EDGE_CHROMIUM_89_0_774_77.NASL"]}, {"type": "freebsd", "idList": ["3E01AAD2-680E-11EB-83E2-E09467587C17", "7C0D71A9-9D48-11EB-97A0-E09467587C17"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0575-1", "OPENSUSE-SU-2021:0296-1", "OPENSUSE-SU-2021:0267-1", "OPENSUSE-SU-2021:0567-1", "OPENSUSE-SU-2021:0276-1", "OPENSUSE-SU-2021:0712-1"]}, {"type": "securelist", "idList": ["SECURELIST:8E9198BF0E389572981DD1AA05D0708A"]}, {"type": "cisa", "idList": ["CISA:67D945E5ECA0CDAAE641683ED29CBC30", "CISA:F9916EF5EF9E126FF62CF4162B96669F", "CISA:D060813248AE96F3F62B7F67A176132F"]}, {"type": "zdi", "idList": ["ZDI-21-411"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:162437"]}, {"type": "zdt", "idList": ["1337DAY-ID-36202"]}], "modified": "2021-09-25T06:52:27", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-09-25T06:52:27", "rev": 2}}, "objectVersion": "1.6"}, "lastseen": "2021-09-25T06:52:27", "differentElements": ["description", "modified"], "edition": 1}], "viewCount": 95, "enchantments": {"dependencies": {"references": [{"type": "thn", "idList": ["THN:7D7C05739ECD847B8CDEEAF930C51BF8", "THN:15BF409706D7240A5276C705732D745F", "THN:EF50BA60FF5E3EF9AF1570FF5A2589A0", "THN:FF8DAEC0AE0DDAE827D57407C51BE992", "THN:BBBFDA7EEE18F813A5DA572FD390D528", "THN:1A836FDDE57334BC4DAFA65E6DFA02E4", "THN:F197A729A4F49F957F9D5910875EBAAA", "THN:50D7C51FE6D69FC5DB5B37402AD0E412", "THN:62ECC5B73032124D6559355B66E1C469", "THN:CDCF433A7837180E1F294791C672C5BB", "THN:C736174C6B0ADC38AA88BC58F30271DA"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:390E663F11CA04293C83488A40CB3A8A", "MALWAREBYTES:6F90B6DD790D455EDED4BE326079DA35"]}, {"type": "attackerkb", "idList": ["AKB:624AC3C7-B310-4975-8649-2694A0CF4962", "AKB:160D34D9-2175-4B27-87F8-0CED51121F50", "AKB:732A3017-A62C-4347-9709-9B8790F47FA1", "AKB:9D905B34-8121-41F5-8B42-E3A825212673", "AKB:C300BC5A-FE8F-4274-AFA8-C1F47411FEC1", "AKB:DFA61FBF-688B-44E9-8B09-134E93207AD9", "AKB:51E88AF4-0A81-4B72-8855-34DF072124D9", "AKB:7E06EF37-046E-4E9E-AD5A-F4C2477ECB9E", "AKB:B61D2687-96CE-4CE9-939F-9E35DA7814C4", "AKB:CA974604-20CA-4B73-9BF4-0D9065889771", "AKB:DD1DB11A-039E-4C46-8789-1158839E5A3F", "AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977", "AKB:AC92E5DD-15E0-44E1-99A5-C1AED6D4703F"]}, {"type": "cve", "idList": ["CVE-2021-30551", "CVE-2021-30554", "CVE-2021-21220", "CVE-2021-30563", "CVE-2021-30633", "CVE-2021-30632", "CVE-2021-21206", "CVE-2021-21224", "CVE-2021-30869", "CVE-2021-37973", "CVE-2021-21193", "CVE-2021-21166", "CVE-2021-21148"]}, {"type": "threatpost", "idList": ["THREATPOST:EA23582BD77C428ACE9B9DB7D5741EB6", "THREATPOST:88DD5812D3C8652E304F32507E4F68DD", "THREATPOST:C6B47B678F2F0E21955D4053DE13FA64"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-30563", "UB:CVE-2021-30551", "UB:CVE-2021-21220", "UB:CVE-2021-37973", "UB:CVE-2021-30554", "UB:CVE-2021-30632", "UB:CVE-2021-21166", "UB:CVE-2021-21193", "UB:CVE-2021-21206", "UB:CVE-2021-30633", "UB:CVE-2021-21148", "UB:CVE-2021-21224"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21206/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30551/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-30554/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30563/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21166/", "MSF:ILITIES/SUSE-CVE-2021-21166/"]}, {"type": "mscve", "idList": ["MS:CVE-2021-21148", "MS:CVE-2021-30632", "MS:CVE-2021-37973", "MS:CVE-2021-21224", "MS:CVE-2021-30563", "MS:CVE-2021-30551", "MS:CVE-2021-21220", "MS:CVE-2021-30554", "MS:CVE-2021-21193", "MS:CVE-2021-30633", "MS:CVE-2021-21206", "MS:CVE-2021-21166"]}, {"type": "seebug", "idList": ["SSV:99217"]}, {"type": "kaspersky", "idList": ["KLA12136", "KLA12284", "KLA12183", "KLA12143", "KLA12298"]}, {"type": "freebsd", "idList": ["7C0D71A9-9D48-11EB-97A0-E09467587C17", "B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0567-1", "OPENSUSE-SU-2021:0575-1", "OPENSUSE-SU-2021:0712-1"]}, {"type": "nessus", "idList": ["MACOS_HT212825.NASL", "701349.PASL", "MACOSX_GOOGLE_CHROME_89_0_4389_128.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "OPENSUSE-2021-567.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "FREEBSD_PKG_7C0D71A99D4811EB97A0E09467587C17.NASL", "MICROSOFT_EDGE_CHROMIUM_93_0_961_47.NASL", "MICROSOFT_EDGE_CHROMIUM_89_0_774_77.NASL", "GOOGLE_CHROME_89_0_4389_128.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "OPENSUSE-2021-712.NASL"]}, {"type": "securelist", "idList": ["SECURELIST:8E9198BF0E389572981DD1AA05D0708A"]}, {"type": "cisa", "idList": ["CISA:D060813248AE96F3F62B7F67A176132F", "CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}], "modified": "2021-09-27T06:42:49", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2021-09-27T06:42:49", "rev": 2}}, "objectVersion": "1.6", "_object_type": "robots.models.thn.ThnBulletin", "_object_types": ["robots.models.thn.ThnBulletin", "robots.models.base.Bulletin"]}, {"id": "THN:50D7C51FE6D69FC5DB5B37402AD0E412", "hash": "72ae9043db567ecb9d30a68ab9102198", "type": "thn", "bulletinFamily": "info", "title": "Update Google Chrome ASAP to Patch 2 New Actively Exploited Zero-Day Flaws", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEggQTDQ-V9WbcSJKwsXKGeYWFxP3jSKikqYhYG8xpFa_NiB7aFJV8tcR11eRFpoq9nIOMlHfbefT2pZC9vdUHCul3SAafHr4t5T-oIIj-H61WEAlv8x9Mfzo1cqzuxor4bqF090P_C7w7fQqzoSFEmUVm1PvbmzU9YENMC2O_ZAEkOC_qbBbzYZdzhA>)\n\nGoogle on Thursday pushed urgent security fixes for its Chrome browser, including a pair of new security weaknesses that the company said are being exploited in the wild, making them the fourth and fifth actively zero-days plugged this month alone.\n\nThe issues, designated as [CVE-2021-37975 and CVE-2021-37976](<https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html>), are part of a total of four patches, and concern a [use-after-free flaw](<https://cwe.mitre.org/data/definitions/416.html>) in V8 JavaScript and WebAssembly engine as well as an information leak in core.\n\nAs is usually the case, the tech giant has refrained from sharing any additional details regarding how these zero-day vulnerabilities were used in attacks so as to allow a majority of users to be updated with the patches, but noted that it's aware that \"exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild.\"\n\n[](<https://go.thn.li/rewind-1> \"Automatic GitHub Backups\" )\n\nAn anonymous researcher has been credited with reporting CVE-2021-37975. The discovery of CVE-2021-37976, on the other hand, involves Cl\u00e9ment Lecigne from Google Threat Analysis Group, who was also credited with [CVE-2021-37973](<https://thehackernews.com/2021/09/urgent-chrome-update-released-to-patch.html>), another actively exploited use-after-free vulnerability in Chrome's Portals API that was reported last week, raising the possibility that the two flaws may have been stringed together as part of an exploit chain to execute arbitrary code.\n\nWith the latest update, Google has addressed a record 14 zero-days in the web browser since the start of the year.\n\n * [CVE-2021-21148](<https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html>) \\- Heap buffer overflow in V8\n * [CVE-2021-21166](<https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html>) \\- Object recycle issue in audio\n * [CVE-2021-21193](<https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html>) \\- Use-after-free in Blink\n * [CVE-2021-21206](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Use-after-free in Blink\n * [CVE-2021-21220](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Insufficient validation of untrusted input in V8 for x86_64\n * [CVE-2021-21224](<https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html>) \\- Type confusion in V8\n * [CVE-2021-30551](<https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html>) \\- Type confusion in V8\n * [CVE-2021-30554](<https://thehackernews.com/2021/06/update-your-chrome-browser-to-patch-yet.html>) \\- Use-after-free in WebGL\n * [CVE-2021-30563](<https://thehackernews.com/2021/07/update-your-chrome-browser-to-patch-new.html>) \\- Type confusion in V8\n * [CVE-2021-30632](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) \\- Out of bounds write in V8\n * [CVE-2021-30633](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) \\- Use-after-free in Indexed DB API\n * [CVE-2021-37973](<https://thehackernews.com/2021/09/urgent-chrome-update-released-to-patch.html>) \\- Use-after-free in Portals\n\nChrome users are advised to update to the latest version (94.0.4606.71) for Windows, Mac, and Linux by heading to Settings &gt; Help &gt; 'About Google Chrome' to mitigate any potential risk of active exploitation.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "published": "2021-10-01T03:30:00", "modified": "2021-10-05T05:27:09", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://thehackernews.com/2021/09/update-google-chrome-asap-to-patch-2.html", "reporter": "The Hacker News", "references": [], "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37976"], "immutableFields": [], "lastseen": "2021-10-05T06:35:59", "history": [{"bulletin": {"id": "THN:50D7C51FE6D69FC5DB5B37402AD0E412", "hash": "f88045b12de6de400e267df5eeca082e", "type": "thn", "bulletinFamily": "info", "title": "Update Google Chrome ASAP to Patch 2 New Actively Exploited Zero-Day Flaws", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEggQTDQ-V9WbcSJKwsXKGeYWFxP3jSKikqYhYG8xpFa_NiB7aFJV8tcR11eRFpoq9nIOMlHfbefT2pZC9vdUHCul3SAafHr4t5T-oIIj-H61WEAlv8x9Mfzo1cqzuxor4bqF090P_C7w7fQqzoSFEmUVm1PvbmzU9YENMC2O_ZAEkOC_qbBbzYZdzhA>)\n\nGoogle on Thursday pushed urgent security fixes for its Chrome browser, including a pair of new security weaknesses that the company said are being exploited in the wild, making them the fourth and fifth actively zero-days plugged this month alone.\n\nThe issues, designated as [CVE-2021-37975 and CVE-2021-37976](<https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html>), are part of a total of four patches, and concern a [use-after-free flaw](<https://cwe.mitre.org/data/definitions/416.html>) in V8 JavaScript and WebAssembly engine as well as an information leak in core.\n\nAs is usually the case, the tech giant has refrained from sharing any additional details regarding how these zero-day vulnerabilities were used in attacks until a majority of users are updated with the patches, but noted that it's aware that \"exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild.\"\n\n[](<https://go.thn.li/rewind-1> \"Automatic GitHub Backups\" )\n\nAn anonymous researcher has been credited with reporting CVE-2021-37975. The discovery of CVE-2021-37976, on the other hand, involves Cl\u00e9ment Lecigne from Google Threat Analysis Group, who was also credited with [CVE-2021-37973](<https://thehackernews.com/2021/09/urgent-chrome-update-released-to-patch.html>), another actively exploited use-after-free vulnerability in Chrome's Portals API that was reported last week, raising the possibility that the two flaws may have been stringed together as part of an exploit chain to execute arbitrary code.\n\nWith the latest update, Google has addressed a record 14 zero-days in the web browser since the start of the year.\n\n * [CVE-2021-21148](<https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html>) \\- Heap buffer overflow in V8\n * [CVE-2021-21166](<https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html>) \\- Object recycle issue in audio\n * [CVE-2021-21193](<https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html>) \\- Use-after-free in Blink\n * [CVE-2021-21206](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Use-after-free in Blink\n * [CVE-2021-21220](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Insufficient validation of untrusted input in V8 for x86_64\n * [CVE-2021-21224](<https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html>) \\- Type confusion in V8\n * [CVE-2021-30551](<https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html>) \\- Type confusion in V8\n * [CVE-2021-30554](<https://thehackernews.com/2021/06/update-your-chrome-browser-to-patch-yet.html>) \\- Use-after-free in WebGL\n * [CVE-2021-30563](<https://thehackernews.com/2021/07/update-your-chrome-browser-to-patch-new.html>) \\- Type confusion in V8\n * [CVE-2021-30632](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) \\- Out of bounds write in V8\n * [CVE-2021-30633](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) \\- Use-after-free in Indexed DB API\n * [CVE-2021-37973](<https://thehackernews.com/2021/09/urgent-chrome-update-released-to-patch.html>) \\- Use-after-free in Portals\n\nChrome users are advised to update to the latest version (94.0.4606.71) for Windows, Mac, and Linux by heading to Settings &gt; Help &gt; 'About Google Chrome' to mitigate any potential risk of active exploitation.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "published": "2021-10-01T03:30:00", "modified": "2021-10-01T03:55:27", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://thehackernews.com/2021/09/update-google-chrome-asap-to-patch-2.html", "reporter": "The Hacker News", "references": [], "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37976"], "immutableFields": [], "lastseen": "2021-10-01T04:35:53", "history": [], "viewCount": 38, "enchantments": {"dependencies": {"references": [{"type": "malwarebytes", "idList": ["MALWAREBYTES:390E663F11CA04293C83488A40CB3A8A", "MALWAREBYTES:6F90B6DD790D455EDED4BE326079DA35"]}, {"type": "thn", "idList": ["THN:F197A729A4F49F957F9D5910875EBAAA", "THN:C736174C6B0ADC38AA88BC58F30271DA", "THN:EF50BA60FF5E3EF9AF1570FF5A2589A0", "THN:CDCF433A7837180E1F294791C672C5BB", "THN:FF8DAEC0AE0DDAE827D57407C51BE992", "THN:1A836FDDE57334BC4DAFA65E6DFA02E4", "THN:62ECC5B73032124D6559355B66E1C469", "THN:BBBFDA7EEE18F813A5DA572FD390D528", "THN:6A9CD6F085628D08978727C0FF597535", "THN:7D7C05739ECD847B8CDEEAF930C51BF8", "THN:15BF409706D7240A5276C705732D745F"]}, {"type": "attackerkb", "idList": ["AKB:160D34D9-2175-4B27-87F8-0CED51121F50", "AKB:DFA61FBF-688B-44E9-8B09-134E93207AD9", "AKB:B61D2687-96CE-4CE9-939F-9E35DA7814C4", "AKB:C300BC5A-FE8F-4274-AFA8-C1F47411FEC1", "AKB:51E88AF4-0A81-4B72-8855-34DF072124D9"]}, {"type": "threatpost", "idList": ["THREATPOST:88DD5812D3C8652E304F32507E4F68DD", "THREATPOST:CF9E25BD324C5940B0795721CA134155", "THREATPOST:C6B47B678F2F0E21955D4053DE13FA64", "THREATPOST:EA23582BD77C428ACE9B9DB7D5741EB6"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-21224", "UB:CVE-2021-21166", "UB:CVE-2021-30551", "UB:CVE-2021-30563", "UB:CVE-2021-30554", "UB:CVE-2021-37973", "UB:CVE-2021-30632", "UB:CVE-2021-30633", "UB:CVE-2021-21206", "UB:CVE-2021-21148", "UB:CVE-2021-21220", "UB:CVE-2021-21193"]}, {"type": "cve", "idList": ["CVE-2021-21148", "CVE-2021-30563", "CVE-2021-21224", "CVE-2021-21166", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-21193", "CVE-2021-21220", "CVE-2021-21206"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21166/", "MSF:ILITIES/SUSE-CVE-2021-21166/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21206/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30563/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-30554/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30551/"]}, {"type": "mscve", "idList": ["MS:CVE-2021-21166", "MS:CVE-2021-21224", "MS:CVE-2021-30632", "MS:CVE-2021-21206", "MS:CVE-2021-30554", "MS:CVE-2021-21220", "MS:CVE-2021-21193", "MS:CVE-2021-30633", "MS:CVE-2021-21148", "MS:CVE-2021-30551", "MS:CVE-2021-30563", "MS:CVE-2021-37973"]}, {"type": "seebug", "idList": ["SSV:99217"]}, {"type": "freebsd", "idList": ["7C0D71A9-9D48-11EB-97A0-E09467587C17", "777EDBBE-2230-11EC-8869-704D7B472482", "B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_38.NASL", "701321.PASL", "MICROSOFT_EDGE_CHROMIUM_93_0_961_47.NASL", "FREEBSD_PKG_3E01AAD2680E11EB83E2E09467587C17.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "FREEBSD_PKG_7C0D71A99D4811EB97A0E09467587C17.NASL", "GOOGLE_CHROME_94_0_4606_71.NASL", "OPENSUSE-2021-712.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_71.NASL", "701349.PASL", "OPENSUSE-2021-567.NASL", "GOOGLE_CHROME_89_0_4389_128.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "MICROSOFT_EDGE_CHROMIUM_89_0_774_77.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_89_0_4389_128.NASL"]}, {"type": "kaspersky", "idList": ["KLA12143", "KLA12179", "KLA12298", "KLA12183", "KLA12284", "KLA12136"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0712-1", "OPENSUSE-SU-2021:0567-1", "OPENSUSE-SU-2021:0575-1"]}, {"type": "securelist", "idList": ["SECURELIST:8E9198BF0E389572981DD1AA05D0708A"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "cisa", "idList": ["CISA:67D945E5ECA0CDAAE641683ED29CBC30", "CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3", "CISA:F9916EF5EF9E126FF62CF4162B96669F", "CISA:D060813248AE96F3F62B7F67A176132F"]}, {"type": "zdi", "idList": ["ZDI-21-411"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:162437"]}, {"type": "zdt", "idList": ["1337DAY-ID-36202"]}], "modified": "2021-10-01T04:35:53", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-10-01T04:35:53", "rev": 2}}, "objectVersion": "1.6"}, "lastseen": "2021-10-01T04:35:53", "differentElements": ["description", "modified"], "edition": 1}], "viewCount": 43, "enchantments": {"dependencies": {"references": [{"type": "thn", "idList": ["THN:FF8DAEC0AE0DDAE827D57407C51BE992", "THN:BBBFDA7EEE18F813A5DA572FD390D528", "THN:15BF409706D7240A5276C705732D745F", "THN:F197A729A4F49F957F9D5910875EBAAA", "THN:62ECC5B73032124D6559355B66E1C469", "THN:C736174C6B0ADC38AA88BC58F30271DA", "THN:1A836FDDE57334BC4DAFA65E6DFA02E4", "THN:7D7C05739ECD847B8CDEEAF930C51BF8", "THN:6A9CD6F085628D08978727C0FF597535", "THN:CDCF433A7837180E1F294791C672C5BB", "THN:EF50BA60FF5E3EF9AF1570FF5A2589A0"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:6F90B6DD790D455EDED4BE326079DA35", "MALWAREBYTES:390E663F11CA04293C83488A40CB3A8A"]}, {"type": "attackerkb", "idList": ["AKB:9D905B34-8121-41F5-8B42-E3A825212673", "AKB:DFA61FBF-688B-44E9-8B09-134E93207AD9", "AKB:624AC3C7-B310-4975-8649-2694A0CF4962", "AKB:160D34D9-2175-4B27-87F8-0CED51121F50", "AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977", "AKB:D986B627-DA84-4C1B-8D20-5ADF751B05BF", "AKB:C300BC5A-FE8F-4274-AFA8-C1F47411FEC1", "AKB:D35B77A1-B787-4DAD-A906-5CA8A79C2F30", "AKB:51E88AF4-0A81-4B72-8855-34DF072124D9", "AKB:DD1DB11A-039E-4C46-8789-1158839E5A3F", "AKB:B61D2687-96CE-4CE9-939F-9E35DA7814C4", "AKB:7E06EF37-046E-4E9E-AD5A-F4C2477ECB9E", "AKB:732A3017-A62C-4347-9709-9B8790F47FA1", "AKB:AC92E5DD-15E0-44E1-99A5-C1AED6D4703F"]}, {"type": "threatpost", "idList": ["THREATPOST:88DD5812D3C8652E304F32507E4F68DD", "THREATPOST:C6B47B678F2F0E21955D4053DE13FA64"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-21206", "UB:CVE-2021-37975", "UB:CVE-2021-21193", "UB:CVE-2021-21220", "UB:CVE-2021-21166", "UB:CVE-2021-30632", "UB:CVE-2021-21148", "UB:CVE-2021-21224", "UB:CVE-2021-37973", "UB:CVE-2021-37976", "UB:CVE-2021-30563", "UB:CVE-2021-30633", "UB:CVE-2021-30551", "UB:CVE-2021-30554"]}, {"type": "cve", "idList": ["CVE-2021-30554", "CVE-2021-30551", "CVE-2021-30633", "CVE-2021-21224", "CVE-2021-30563", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-21148", "CVE-2021-21220", "CVE-2021-30632", "CVE-2021-21166", "CVE-2021-21206", "CVE-2021-21193"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30551/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-30554/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21166/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30563/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21206/", "MSF:ILITIES/SUSE-CVE-2021-21166/"]}, {"type": "mscve", "idList": ["MS:CVE-2021-21220", "MS:CVE-2021-37976", "MS:CVE-2021-21224", "MS:CVE-2021-37973", "MS:CVE-2021-21166", "MS:CVE-2021-30554", "MS:CVE-2021-30632", "MS:CVE-2021-21206", "MS:CVE-2021-21148", "MS:CVE-2021-30563", "MS:CVE-2021-21193", "MS:CVE-2021-37975", "MS:CVE-2021-30551", "MS:CVE-2021-30633"]}, {"type": "seebug", "idList": ["SSV:99217"]}, {"type": "freebsd", "idList": ["7C0D71A9-9D48-11EB-97A0-E09467587C17", "777EDBBE-2230-11EC-8869-704D7B472482"]}, {"type": "kaspersky", "idList": ["KLA12143", "KLA12136", "KLA12183"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_94_0_992_38.NASL", "FREEBSD_PKG_777EDBBE223011EC8869704D7B472482.NASL", "GOOGLE_CHROME_94_0_4606_71.NASL", "OPENSUSE-2021-567.NASL", "GOOGLE_CHROME_89_0_4389_128.NASL", "OPENSUSE-2021-1358.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_71.NASL", "FREEBSD_PKG_7C0D71A99D4811EB97A0E09467587C17.NASL", "OPENSUSE-2021-712.NASL", "MICROSOFT_EDGE_CHROMIUM_89_0_774_77.NASL", "MACOSX_GOOGLE_CHROME_89_0_4389_128.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0712-1", "OPENSUSE-SU-2021:0567-1", "OPENSUSE-SU-2021:1358-1", "OPENSUSE-SU-2021:0575-1"]}, {"type": "securelist", "idList": ["SECURELIST:8E9198BF0E389572981DD1AA05D0708A"]}], "modified": "2021-10-05T06:35:59", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2021-10-05T06:35:59", "rev": 2}}, "objectVersion": "1.6", "_object_type": "robots.models.thn.ThnBulletin", "_object_types": ["robots.models.thn.ThnBulletin", "robots.models.base.Bulletin"]}], "suse": [{"id": "OPENSUSE-SU-2021:1339-1", "hash": "c8071b0b9dbe711ea4cf6c2573e8f0d6", "type": "suse", "bulletinFamily": "unix", "title": "Security update for chromium (important)", "description": "An update that fixes 21 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 94.0.4606.54 (boo#1190765):\n\n * CVE-2021-37956: Use after free in Offline use\n * CVE-2021-37957: Use after free in WebGPU\n * CVE-2021-37958: Inappropriate implementation in Navigation\n * CVE-2021-37959: Use after free in Task Manager\n * CVE-2021-37960: Inappropriate implementation in Blink graphics\n * CVE-2021-37961: Use after free in Tab Strip\n * CVE-2021-37962: Use after free in Performance Manager\n * CVE-2021-37963: Side-channel information leakage in DevTools\n * CVE-2021-37964: Inappropriate implementation in ChromeOS Networking\n * CVE-2021-37965: Inappropriate implementation in Background Fetch API\n * CVE-2021-37966: Inappropriate implementation in Compositing\n * CVE-2021-37967: Inappropriate implementation in Background Fetch API\n * CVE-2021-37968: Inappropriate implementation in Background Fetch API\n * CVE-2021-37969: Inappropriate implementation in Google Updater\n * CVE-2021-37970: Use after free in File System API\n * CVE-2021-37971: Incorrect security UI in Web Browser UI\n * CVE-2021-37972: Out of bounds read in libjpeg-turbo\n\n Chromium 94.0.4606.61 (boo#1191166):\n\n * CVE-2021-37973: Use after free in Portals\n\n Chromium 94.0.4606.71 (boo#1191204):\n\n * CVE-2021-37974 : Use after free in Safe Browsing\n * CVE-2021-37975 : Use after free in V8\n * CVE-2021-37976 : Information leak in core\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2021-1339=1", "published": "2021-10-11T14:16:13", "modified": "2021-10-11T14:16:13", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GDJ2M5H37726GXT3YZBJRSXV3JYGN7CL/", "reporter": "Suse", "references": [], "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973", "CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976"], "immutableFields": [], "lastseen": "2021-10-22T08:26:11", "history": [], "viewCount": 11, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["OPENSUSE-2021-1350.NASL", "OPENSUSE-2021-1339.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "FEDORA_2021-116EFF380F.NASL", "GOOGLE_CHROME_94_0_4606_71.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_71.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "FREEBSD_PKG_777EDBBE223011EC8869704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "FREEBSD_PKG_3551E1061B1711ECA8A7704D7B472482.NASL", "701368.PASL", "OPENSUSE-2021-1358.NASL", "GOOGLE_CHROME_94_0_4606_54.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_38.NASL"]}, {"type": "freebsd", "idList": ["3551E106-1B17-11EC-A8A7-704D7B472482", "777EDBBE-2230-11EC-8869-704D7B472482", "B6C875F1-1D76-11EC-AE80-704D7B472482"]}, {"type": "kaspersky", "idList": ["KLA12294", "KLA12298", "KLA12299"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1358-1", "OPENSUSE-SU-2021:1350-1"]}, {"type": "fedora", "idList": ["FEDORA:BE52E30CCCAA", "FEDORA:E043930AE6E8", "FEDORA:B97503020A86", "FEDORA:1C5A430C4EB3", "FEDORA:4CD8430AA7AD"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37956", "UB:CVE-2021-37957", "UB:CVE-2021-37969", "UB:CVE-2021-37959", "UB:CVE-2021-37976", "UB:CVE-2021-37970", "UB:CVE-2021-37960", "UB:CVE-2021-37964", "UB:CVE-2021-37965", "UB:CVE-2021-37974", "UB:CVE-2021-37973", "UB:CVE-2021-37968", "UB:CVE-2021-37966", "UB:CVE-2021-37963", "UB:CVE-2021-37975", "UB:CVE-2021-37971", "UB:CVE-2021-37972", "UB:CVE-2021-37962", "UB:CVE-2021-37958", "UB:CVE-2021-37967", "UB:CVE-2021-37961"]}, {"type": "cve", "idList": ["CVE-2021-37964", "CVE-2021-37969", "CVE-2021-37968", "CVE-2021-37976", "CVE-2021-37971", "CVE-2021-37958", "CVE-2021-37957", "CVE-2021-37975", "CVE-2021-37963", "CVE-2021-37965", "CVE-2021-37974", "CVE-2021-37956", "CVE-2021-37967", "CVE-2021-37959", "CVE-2021-37973", "CVE-2021-37962", "CVE-2021-37972", "CVE-2021-37970", "CVE-2021-37966", "CVE-2021-37961"]}, {"type": "attackerkb", "idList": ["AKB:D986B627-DA84-4C1B-8D20-5ADF751B05BF", "AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977", "AKB:D35B77A1-B787-4DAD-A906-5CA8A79C2F30"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-37972"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37961", "MS:CVE-2021-37968", "MS:CVE-2021-37958", "MS:CVE-2021-37960", "MS:CVE-2021-37964", "MS:CVE-2021-37962", "MS:CVE-2021-37956", "MS:CVE-2021-37970", "MS:CVE-2021-37963", "MS:CVE-2021-37959", "MS:CVE-2021-37973", "MS:CVE-2021-37967", "MS:CVE-2021-37971", "MS:CVE-2021-37966", "MS:CVE-2021-37965", "MS:CVE-2021-37975", "MS:CVE-2021-37957", "MS:CVE-2021-37976", "MS:CVE-2021-37974", "MS:CVE-2021-37972", "MS:CVE-2021-37969"]}, {"type": "threatpost", "idList": ["THREATPOST:C6B47B678F2F0E21955D4053DE13FA64"]}, {"type": "hivepro", "idList": ["HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "thn", "idList": ["THN:50D7C51FE6D69FC5DB5B37402AD0E412"]}], "modified": "2021-10-22T00:26:12", "rev": 2}, "score": {"value": 5.0, "vector": "NONE", "modified": "2021-10-22T00:26:12", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "openSUSE Backports SLE", "OSVersion": "15-SP3", "arch": "aarch64", "operator": "lt", "packageVersion": "94.0.4606.71-bp153.2.31.1", "packageFilename": "chromedriver-94.0.4606.71-bp153.2.31.1.aarch64.rpm", "packageName": "chromedriver"}, {"OS": "openSUSE Backports SLE", "OSVersion": "15-SP3", "arch": "x86_64", "operator": "lt", "packageVersion": "94.0.4606.71-bp153.2.31.1", "packageFilename": "chromedriver-94.0.4606.71-bp153.2.31.1.x86_64.rpm", "packageName": "chromedriver"}, {"OS": "openSUSE Backports SLE", "OSVersion": "15-SP3", "arch": "aarch64", "operator": "lt", "packageVersion": "94.0.4606.71-bp153.2.31.1", "packageFilename": "chromium-94.0.4606.71-bp153.2.31.1.aarch64.rpm", "packageName": "chromium"}, {"OS": "openSUSE Backports SLE", "OSVersion": "15-SP3", "arch": "x86_64", "operator": "lt", "packageVersion": "94.0.4606.71-bp153.2.31.1", "packageFilename": "chromium-94.0.4606.71-bp153.2.31.1.x86_64.rpm", "packageName": "chromium"}], "_object_type": "robots.models.suse.SuseBulletin", "_object_types": ["robots.models.suse.SuseBulletin", "robots.models.base.Bulletin"]}, {"id": "OPENSUSE-SU-2021:1350-1", "hash": "313a163c1b98b5485f5400844a9f1f9a", "type": "suse", "bulletinFamily": "unix", "title": "Security update for chromium (important)", "description": "An update that fixes 25 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 94.0.4606.81 (boo#1191463):\n\n * CVE-2021-37977: Use after free in Garbage Collection\n * CVE-2021-37978: Heap buffer overflow in Blink\n * CVE-2021-37979: Heap buffer overflow in WebRTC\n * CVE-2021-37980: Inappropriate implementation in Sandbox\n\n Chromium 94.0.4606.54 (boo#1190765):\n\n * CVE-2021-37956: Use after free in Offline use\n * CVE-2021-37957: Use after free in WebGPU\n * CVE-2021-37958: Inappropriate implementation in Navigation\n * CVE-2021-37959: Use after free in Task Manager\n * CVE-2021-37960: Inappropriate implementation in Blink graphics\n * CVE-2021-37961: Use after free in Tab Strip\n * CVE-2021-37962: Use after free in Performance Manager\n * CVE-2021-37963: Side-channel information leakage in DevTools\n * CVE-2021-37964: Inappropriate implementation in ChromeOS Networking\n * CVE-2021-37965: Inappropriate implementation in Background Fetch API\n * CVE-2021-37966: Inappropriate implementation in Compositing\n * CVE-2021-37967: Inappropriate implementation in Background Fetch API\n * CVE-2021-37968: Inappropriate implementation in Background Fetch API\n * CVE-2021-37969: Inappropriate implementation in Google Updater\n * CVE-2021-37970: Use after free in File System API\n * CVE-2021-37971: Incorrect security UI in Web Browser UI\n * CVE-2021-37972: Out of bounds read in libjpeg-turbo\n\n Chromium 94.0.4606.61 (boo#1191166):\n\n * CVE-2021-37973: Use after free in Portals\n\n Chromium 94.0.4606.71 (boo#1191204):\n\n * CVE-2021-37974 : Use after free in Safe Browsing\n * CVE-2021-37975 : Use after free in V8\n * CVE-2021-37976 : Information leak in core\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-1350=1", "published": "2021-10-12T14:58:47", "modified": "2021-10-12T14:58:47", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/", "reporter": "Suse", "references": [], "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973", "CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37980"], "immutableFields": [], "lastseen": "2021-10-22T08:26:11", "history": [], "viewCount": 9, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["OPENSUSE-2021-1350.NASL", "OPENSUSE-2021-1339.NASL", "FEDORA_2021-116EFF380F.NASL", "FREEBSD_PKG_7D3D94D3281011EC9C513065EC8FD3EC.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_47.NASL", "GOOGLE_CHROME_94_0_4606_71.NASL", "GOOGLE_CHROME_94_0_4606_81.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_38.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_71.NASL", "FREEBSD_PKG_777EDBBE223011EC8869704D7B472482.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "FREEBSD_PKG_3551E1061B1711ECA8A7704D7B472482.NASL", "701368.PASL", "OPENSUSE-2021-1358.NASL", "GOOGLE_CHROME_94_0_4606_54.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_81.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1358-1", "OPENSUSE-SU-2021:1339-1"]}, {"type": "freebsd", "idList": ["3551E106-1B17-11EC-A8A7-704D7B472482", "777EDBBE-2230-11EC-8869-704D7B472482", "7D3D94D3-2810-11EC-9C51-3065EC8FD3EC"]}, {"type": "kaspersky", "idList": ["KLA12294", "KLA12299"]}, {"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD", "FEDORA:E043930AE6E8", "FEDORA:1C5A430C4EB3", "FEDORA:BE52E30CCCAA"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37979", "UB:CVE-2021-37978", "UB:CVE-2021-37956", "UB:CVE-2021-37957", "UB:CVE-2021-37969", "UB:CVE-2021-37959", "UB:CVE-2021-37980", "UB:CVE-2021-37976", "UB:CVE-2021-37970", "UB:CVE-2021-37960", "UB:CVE-2021-37964", "UB:CVE-2021-37977", "UB:CVE-2021-37965", "UB:CVE-2021-37974", "UB:CVE-2021-37973", "UB:CVE-2021-37968", "UB:CVE-2021-37966", "UB:CVE-2021-37963", "UB:CVE-2021-37975", "UB:CVE-2021-37971", "UB:CVE-2021-37972", "UB:CVE-2021-37962", "UB:CVE-2021-37958", "UB:CVE-2021-37967", "UB:CVE-2021-37961"]}, {"type": "cve", "idList": ["CVE-2021-37964", "CVE-2021-37969", "CVE-2021-37968", "CVE-2021-37976", "CVE-2021-37971", "CVE-2021-37958", "CVE-2021-37957", "CVE-2021-37975", "CVE-2021-37963", "CVE-2021-37965", "CVE-2021-37974", "CVE-2021-37956", "CVE-2021-37967", "CVE-2021-37959", "CVE-2021-37973", "CVE-2021-37962", "CVE-2021-37972", "CVE-2021-37970", "CVE-2021-37966", "CVE-2021-37961"]}, {"type": "attackerkb", "idList": ["AKB:D986B627-DA84-4C1B-8D20-5ADF751B05BF", "AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977", "AKB:D35B77A1-B787-4DAD-A906-5CA8A79C2F30"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-37972"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37961", "MS:CVE-2021-37968", "MS:CVE-2021-37958", "MS:CVE-2021-37960", "MS:CVE-2021-37964", "MS:CVE-2021-37962", "MS:CVE-2021-37956", "MS:CVE-2021-37970", "MS:CVE-2021-37963", "MS:CVE-2021-37959", "MS:CVE-2021-37973", "MS:CVE-2021-37967", "MS:CVE-2021-37971", "MS:CVE-2021-37966", "MS:CVE-2021-37965", "MS:CVE-2021-37975", "MS:CVE-2021-37957", "MS:CVE-2021-37976", "MS:CVE-2021-37974", "MS:CVE-2021-37972", "MS:CVE-2021-37969"]}, {"type": "threatpost", "idList": ["THREATPOST:C6B47B678F2F0E21955D4053DE13FA64"]}], "modified": "2021-10-22T00:26:12", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2021-10-22T00:26:12", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "94.0.4606.81-lp152.2.132.1", "packageFilename": "chromedriver-94.0.4606.81-lp152.2.132.1.x86_64.rpm", "packageName": "chromedriver"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "94.0.4606.81-lp152.2.132.1", "packageFilename": "chromedriver-debuginfo-94.0.4606.81-lp152.2.132.1.x86_64.rpm", "packageName": "chromedriver-debuginfo"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "94.0.4606.81-lp152.2.132.1", "packageFilename": "chromium-94.0.4606.81-lp152.2.132.1.x86_64.rpm", "packageName": "chromium"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "94.0.4606.81-lp152.2.132.1", "packageFilename": "chromium-debuginfo-94.0.4606.81-lp152.2.132.1.x86_64.rpm", "packageName": "chromium-debuginfo"}], "_object_type": "robots.models.suse.SuseBulletin", "_object_types": ["robots.models.suse.SuseBulletin", "robots.models.base.Bulletin"]}], "fedora": [{"id": "FEDORA:4CD8430AA7AD", "hash": "1624cac0063c4b1cbc64af25ba5c5413", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 34 Update: chromium-94.0.4606.61-1.fc34", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "published": "2021-10-03T01:10:21", "modified": "2021-10-03T01:10:21", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2021-30542", "CVE-2021-30543", "CVE-2021-30558", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-03T22:44:14", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "fedora", "idList": ["FEDORA:E043930AE6E8"]}, {"type": "freebsd", "idList": ["47B571F2-157B-11EC-AE98-704D7B472482", "3551E106-1B17-11EC-A8A7-704D7B472482"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12296", "KLA12280", "KLA12294", "KLA12295"]}, {"type": "nessus", "idList": ["MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "MICROSOFT_EDGE_CHROMIUM_93_0_961_52.NASL", "OPENSUSE-2021-1350.NASL", "FREEBSD_PKG_47B571F2157B11ECAE98704D7B472482.NASL", "OPENSUSE-2021-1330.NASL", "GOOGLE_CHROME_94_0_4606_54.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "GOOGLE_CHROME_93_0_4577_82.NASL", "MACOSX_GOOGLE_CHROME_93_0_4577_82.NASL", "FREEBSD_PKG_3551E1061B1711ECA8A7704D7B472482.NASL", "OPENSUSE-2021-1339.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1350-1", "OPENSUSE-SU-2021:1330-1", "OPENSUSE-SU-2021:1339-1"]}, {"type": "archlinux", "idList": ["ASA-202109-6"]}, {"type": "hivepro", "idList": ["HIVEPRO:8AF52D0A3BB6DDEEAC663A63DA954039"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37971", "UB:CVE-2021-37962", "UB:CVE-2021-37964", "UB:CVE-2021-30626", "UB:CVE-2021-37972", "UB:CVE-2021-37961", "UB:CVE-2021-30625", "UB:CVE-2021-37967", "UB:CVE-2021-30633", "UB:CVE-2021-30632", "UB:CVE-2021-30542", "UB:CVE-2021-30631", "UB:CVE-2021-30628", "UB:CVE-2021-30630", "UB:CVE-2021-37968", "UB:CVE-2021-37966", "UB:CVE-2021-37963", "UB:CVE-2021-37973", "UB:CVE-2021-37956", "UB:CVE-2021-37960", "UB:CVE-2021-37965", "UB:CVE-2021-37957", "UB:CVE-2021-37969", "UB:CVE-2021-30543", "UB:CVE-2021-30629", "UB:CVE-2021-37970", "UB:CVE-2021-37959", "UB:CVE-2021-30627", "UB:CVE-2021-37958"]}, {"type": "cve", "idList": ["CVE-2021-37963", "CVE-2021-37973", "CVE-2021-30543", "CVE-2021-30625", "CVE-2021-37956", "CVE-2021-30542", "CVE-2021-30626", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-30627", "CVE-2021-37961", "CVE-2021-30630", "CVE-2021-37972", "CVE-2021-37964", "CVE-2021-37962", "CVE-2021-37967", "CVE-2021-37965", "CVE-2021-30628", "CVE-2021-37968", "CVE-2021-37971", "CVE-2021-30632", "CVE-2021-37970", "CVE-2021-37969", "CVE-2021-37966", "CVE-2021-30629", "CVE-2021-37957", "CVE-2021-30633"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-37972"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977", "AKB:AC92E5DD-15E0-44E1-99A5-C1AED6D4703F", "AKB:624AC3C7-B310-4975-8649-2694A0CF4962"]}, {"type": "threatpost", "idList": ["THREATPOST:88DD5812D3C8652E304F32507E4F68DD"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37969", "MS:CVE-2021-30628", "MS:CVE-2021-30631", "MS:CVE-2021-37966", "MS:CVE-2021-30630", "MS:CVE-2021-30627", "MS:CVE-2021-37963", "MS:CVE-2021-37958", "MS:CVE-2021-37964", "MS:CVE-2021-37962", "MS:CVE-2021-37960", "MS:CVE-2021-37973", "MS:CVE-2021-37957", "MS:CVE-2021-30629"]}], "modified": "2021-10-03T22:44:14", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2021-10-03T22:44:14", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "Fedora", "OSVersion": "34", "arch": "any", "packageVersion": "94.0.4606.61", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "chromium"}], "_object_type": "robots.models.fedora.FedoraBulletin", "_object_types": ["robots.models.fedora.FedoraBulletin", "robots.models.base.Bulletin"]}, {"id": "FEDORA:E043930AE6E8", "hash": "ba855cfb2fd954f760360070b2139476", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 33 Update: chromium-94.0.4606.61-1.fc33", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "published": "2021-10-09T00:27:38", "modified": "2021-10-09T00:27:38", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2021-30542", "CVE-2021-30543", "CVE-2021-30558", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973"], "immutableFields": [], "lastseen": "2021-10-09T22:45:12", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "fedora", "idList": ["FEDORA:4CD8430AA7AD"]}, {"type": "freebsd", "idList": ["47B571F2-157B-11EC-AE98-704D7B472482", "3551E106-1B17-11EC-A8A7-704D7B472482"]}, {"type": "kaspersky", "idList": ["KLA12299", "KLA12296", "KLA12280", "KLA12294", "KLA12295"]}, {"type": "nessus", "idList": ["MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "MICROSOFT_EDGE_CHROMIUM_93_0_961_52.NASL", "OPENSUSE-2021-1350.NASL", "FREEBSD_PKG_47B571F2157B11ECAE98704D7B472482.NASL", "OPENSUSE-2021-1330.NASL", "GOOGLE_CHROME_94_0_4606_54.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "GOOGLE_CHROME_93_0_4577_82.NASL", "MACOSX_GOOGLE_CHROME_93_0_4577_82.NASL", "FREEBSD_PKG_3551E1061B1711ECA8A7704D7B472482.NASL", "OPENSUSE-2021-1339.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1350-1", "OPENSUSE-SU-2021:1330-1", "OPENSUSE-SU-2021:1339-1"]}, {"type": "archlinux", "idList": ["ASA-202109-6"]}, {"type": "hivepro", "idList": ["HIVEPRO:8AF52D0A3BB6DDEEAC663A63DA954039"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-37971", "UB:CVE-2021-37962", "UB:CVE-2021-37964", "UB:CVE-2021-30626", "UB:CVE-2021-37972", "UB:CVE-2021-37961", "UB:CVE-2021-30625", "UB:CVE-2021-37967", "UB:CVE-2021-30633", "UB:CVE-2021-30632", "UB:CVE-2021-30542", "UB:CVE-2021-30631", "UB:CVE-2021-30628", "UB:CVE-2021-30630", "UB:CVE-2021-37968", "UB:CVE-2021-37966", "UB:CVE-2021-37963", "UB:CVE-2021-37973", "UB:CVE-2021-37956", "UB:CVE-2021-37960", "UB:CVE-2021-37965", "UB:CVE-2021-37957", "UB:CVE-2021-37969", "UB:CVE-2021-30543", "UB:CVE-2021-30629", "UB:CVE-2021-37970", "UB:CVE-2021-37959", "UB:CVE-2021-30627", "UB:CVE-2021-37958"]}, {"type": "cve", "idList": ["CVE-2021-37963", "CVE-2021-37973", "CVE-2021-30543", "CVE-2021-30625", "CVE-2021-37956", "CVE-2021-30542", "CVE-2021-30626", "CVE-2021-37959", "CVE-2021-37958", "CVE-2021-30627", "CVE-2021-37961", "CVE-2021-30630", "CVE-2021-37972", "CVE-2021-37964", "CVE-2021-37962", "CVE-2021-37967", "CVE-2021-37965", "CVE-2021-30628", "CVE-2021-37968", "CVE-2021-37971", "CVE-2021-30632", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37966", "CVE-2021-30629", "CVE-2021-37957", "CVE-2021-30633"]}, {"type": "attackerkb", "idList": ["AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977", "AKB:AC92E5DD-15E0-44E1-99A5-C1AED6D4703F", "AKB:624AC3C7-B310-4975-8649-2694A0CF4962"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-37972"]}, {"type": "threatpost", "idList": ["THREATPOST:88DD5812D3C8652E304F32507E4F68DD"]}, {"type": "mscve", "idList": ["MS:CVE-2021-37969", "MS:CVE-2021-30628", "MS:CVE-2021-30631", "MS:CVE-2021-37966", "MS:CVE-2021-30630", "MS:CVE-2021-30627", "MS:CVE-2021-37963", "MS:CVE-2021-37958", "MS:CVE-2021-37964", "MS:CVE-2021-37962", "MS:CVE-2021-37960", "MS:CVE-2021-37973", "MS:CVE-2021-37957", "MS:CVE-2021-30629"]}], "modified": "2021-10-09T22:45:12", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2021-10-09T22:45:12", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "Fedora", "OSVersion": "33", "arch": "any", "packageVersion": "94.0.4606.61", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "chromium"}], "_object_type": "robots.models.fedora.FedoraBulletin", "_object_types": ["robots.models.fedora.FedoraBulletin", "robots.models.base.Bulletin"]}]}