Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
{"mscve": [{"lastseen": "2023-08-11T22:59:55", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-09-01T16:05:11", "type": "mscve", "title": "Chromium: CVE-2022-3057 Inappropriate implementation in iframe Sandbox", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3057"], "modified": "2022-09-01T16:05:11", "id": "MS:CVE-2022-3057", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-3057", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "veracode": [{"lastseen": "2023-08-11T21:33:21", "description": "chrome is vulnerable to information disclosure. The vulnerability exists due to a lack of sanitization of the implementation in iframe Sandbox allowing an attacker to leak cross-origin data via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-09-16T19:26:18", "type": "veracode", "title": "Information Disclosure", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3057"], "modified": "2023-08-09T14:46:08", "id": "VERACODE:37088", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37088/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2023-08-11T21:00:57", "description": "Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-09-26T16:15:00", "type": "cve", "title": "CVE-2022-3057", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3057"], "modified": "2023-08-08T14:22:00", "cpe": ["cpe:/o:fedoraproject:fedora:37"], "id": "CVE-2022-3057", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3057", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"]}], "prion": [{"lastseen": "2023-08-15T16:57:36", "description": "Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-09-26T16:15:00", "type": "prion", "title": "CVE-2022-3057", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3057"], "modified": "2023-08-08T14:22:00", "id": "PRION:CVE-2022-3057", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-3057", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "ubuntucve": [{"lastseen": "2023-08-12T15:10:07", "description": "Inappropriate implementation in iframe Sandbox in Google Chrome prior to\n105.0.5195.52 allowed a remote attacker to leak cross-origin data via a\ncrafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-09-26T00:00:00", "type": "ubuntucve", "title": "CVE-2022-3057", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3057"], "modified": "2022-09-26T00:00:00", "id": "UB:CVE-2022-3057", "href": "https://ubuntu.com/security/CVE-2022-3057", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2023-06-26T15:07:07", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 105.0.1343.25. It is, therefore, affected by multiple vulnerabilities as referenced in the September 1, 2022 advisory.\n\n - Use after free in Network Service. (CVE-2022-3038)\n\n - Use after free in WebSQL. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout. (CVE-2022-3040)\n\n - Inappropriate implementation in Site Isolation. (CVE-2022-3044)\n\n - Insufficient validation of untrusted input in V8. (CVE-2022-3045)\n\n - Use after free in Browser Tag. (CVE-2022-3046)\n\n - Insufficient policy enforcement in Extensions API. (CVE-2022-3047)\n\n - Inappropriate implementation in Pointer Lock. (CVE-2022-3053)\n\n - Insufficient policy enforcement in DevTools. (CVE-2022-3054)\n\n - Use after free in Passwords. (CVE-2022-3055)\n\n - Insufficient policy enforcement in Content Security Policy. (CVE-2022-3056)\n\n - Inappropriate implementation in iframe Sandbox. (CVE-2022-3057)\n\n - Use after free in Sign-In Flow. (CVE-2022-3058)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-02T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 105.0.1343.25 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-38012"], "modified": "2023-03-30T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_105_0_1343_25.NASL", "href": "https://www.tenable.com/plugins/nessus/164638", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164638);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/30\");\n\n script_cve_id(\n \"CVE-2022-3038\",\n \"CVE-2022-3039\",\n \"CVE-2022-3040\",\n \"CVE-2022-3041\",\n \"CVE-2022-3044\",\n \"CVE-2022-3045\",\n \"CVE-2022-3046\",\n \"CVE-2022-3047\",\n \"CVE-2022-3053\",\n \"CVE-2022-3054\",\n \"CVE-2022-3055\",\n \"CVE-2022-3056\",\n \"CVE-2022-3057\",\n \"CVE-2022-3058\",\n \"CVE-2022-38012\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0361-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/04/20\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 105.0.1343.25 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 105.0.1343.25. It is, therefore, affected\nby multiple vulnerabilities as referenced in the September 1, 2022 advisory.\n\n - Use after free in Network Service. (CVE-2022-3038)\n\n - Use after free in WebSQL. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout. (CVE-2022-3040)\n\n - Inappropriate implementation in Site Isolation. (CVE-2022-3044)\n\n - Insufficient validation of untrusted input in V8. (CVE-2022-3045)\n\n - Use after free in Browser Tag. (CVE-2022-3046)\n\n - Insufficient policy enforcement in Extensions API. (CVE-2022-3047)\n\n - Inappropriate implementation in Pointer Lock. (CVE-2022-3053)\n\n - Insufficient policy enforcement in DevTools. (CVE-2022-3054)\n\n - Use after free in Passwords. (CVE-2022-3055)\n\n - Insufficient policy enforcement in Content Security Policy. (CVE-2022-3056)\n\n - Inappropriate implementation in iframe Sandbox. (CVE-2022-3057)\n\n - Use after free in Sign-In Flow. (CVE-2022-3058)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#september-1-2022\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?31d28038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3044\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38012\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 105.0.1343.25 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-38012\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3058\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '105.0.1343.25' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-26T15:03:51", "description": "The version of Google Chrome installed on the remote Windows host is prior to 105.0.5195.52. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_08_stable-channel-update-for-desktop_30 advisory.\n\n - Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. (CVE-2022-3058)\n\n - Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3038)\n\n - Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3040)\n\n - Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3042)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-30T00:00:00", "type": "nessus", "title": "Google Chrome < 105.0.5195.52 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071"], "modified": "2023-03-30T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_105_0_5195_52.NASL", "href": "https://www.tenable.com/plugins/nessus/164508", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164508);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/30\");\n\n script_cve_id(\n \"CVE-2022-3038\",\n \"CVE-2022-3039\",\n \"CVE-2022-3040\",\n \"CVE-2022-3041\",\n \"CVE-2022-3042\",\n \"CVE-2022-3043\",\n \"CVE-2022-3044\",\n \"CVE-2022-3045\",\n \"CVE-2022-3046\",\n \"CVE-2022-3047\",\n \"CVE-2022-3048\",\n \"CVE-2022-3049\",\n \"CVE-2022-3050\",\n \"CVE-2022-3051\",\n \"CVE-2022-3052\",\n \"CVE-2022-3053\",\n \"CVE-2022-3054\",\n \"CVE-2022-3055\",\n \"CVE-2022-3056\",\n \"CVE-2022-3057\",\n \"CVE-2022-3058\",\n \"CVE-2022-3071\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0346-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/04/20\");\n\n script_name(english:\"Google Chrome < 105.0.5195.52 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 105.0.5195.52. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2022_08_stable-channel-update-for-desktop_30 advisory.\n\n - Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted\n UI interaction. (CVE-2022-3058)\n\n - Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3038)\n\n - Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-3040)\n\n - Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3042)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?613dc709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1340253\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1343348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1341539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1345947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1338553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1336979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1051198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1339648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1346245\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1342586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1303308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1316892\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1337132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1345245\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1346154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1267867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1290236\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1351969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1329460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1336904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1337676\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 105.0.5195.52 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3058\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3071\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'105.0.5195.52', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-26T15:03:48", "description": "The version of Google Chrome installed on the remote macOS host is prior to 105.0.5195.52. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_08_stable-channel-update-for-desktop_30 advisory.\n\n - Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. (CVE-2022-3058)\n\n - Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3038)\n\n - Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3040)\n\n - Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3042)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-30T00:00:00", "type": "nessus", "title": "Google Chrome < 105.0.5195.52 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071"], "modified": "2023-03-30T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_105_0_5195_52.NASL", "href": "https://www.tenable.com/plugins/nessus/164509", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164509);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/30\");\n\n script_cve_id(\n \"CVE-2022-3038\",\n \"CVE-2022-3039\",\n \"CVE-2022-3040\",\n \"CVE-2022-3041\",\n \"CVE-2022-3042\",\n \"CVE-2022-3043\",\n \"CVE-2022-3044\",\n \"CVE-2022-3045\",\n \"CVE-2022-3046\",\n \"CVE-2022-3047\",\n \"CVE-2022-3048\",\n \"CVE-2022-3049\",\n \"CVE-2022-3050\",\n \"CVE-2022-3051\",\n \"CVE-2022-3052\",\n \"CVE-2022-3053\",\n \"CVE-2022-3054\",\n \"CVE-2022-3055\",\n \"CVE-2022-3056\",\n \"CVE-2022-3057\",\n \"CVE-2022-3058\",\n \"CVE-2022-3071\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0346-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/04/20\");\n\n script_name(english:\"Google Chrome < 105.0.5195.52 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 105.0.5195.52. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2022_08_stable-channel-update-for-desktop_30 advisory.\n\n - Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted\n UI interaction. (CVE-2022-3058)\n\n - Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3038)\n\n - Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-3040)\n\n - Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3042)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?613dc709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1340253\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1343348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1341539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1345947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1338553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1336979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1051198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1339648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1346245\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1342586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1303308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1316892\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1337132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1345245\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1346154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1267867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1290236\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1351969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1329460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1336904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1337676\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 105.0.5195.52 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3058\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3071\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'105.0.5195.52', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-26T15:02:31", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f2043ff6-2916-11ed-a1ef-3065ec8fd3ec advisory.\n\n - Use after free in Network Service. (CVE-2022-3038)\n\n - Use after free in WebSQL. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout. (CVE-2022-3040)\n\n - Use after free in PhoneHub. (CVE-2022-3042)\n\n - Heap buffer overflow in Screen Capture. (CVE-2022-3043)\n\n - Inappropriate implementation in Site Isolation. (CVE-2022-3044)\n\n - Insufficient validation of untrusted input in V8. (CVE-2022-3045)\n\n - Use after free in Browser Tag. (CVE-2022-3046)\n\n - Insufficient policy enforcement in Extensions API. (CVE-2022-3047)\n\n - Inappropriate implementation in Chrome OS lockscreen. (CVE-2022-3048)\n\n - Use after free in SplitScreen. (CVE-2022-3049)\n\n - Heap buffer overflow in WebUI. (CVE-2022-3050)\n\n - Heap buffer overflow in Exosphere. (CVE-2022-3051)\n\n - Heap buffer overflow in Window Manager. (CVE-2022-3052)\n\n - Inappropriate implementation in Pointer Lock. (CVE-2022-3053)\n\n - Insufficient policy enforcement in DevTools. (CVE-2022-3054)\n\n - Use after free in Passwords. (CVE-2022-3055)\n\n - Insufficient policy enforcement in Content Security Policy. (CVE-2022-3056)\n\n - Inappropriate implementation in iframe Sandbox. (CVE-2022-3057)\n\n - Use after free in Sign-In Flow. (CVE-2022-3058)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-31T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (f2043ff6-2916-11ed-a1ef-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058"], "modified": "2023-03-30T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_F2043FF6291611EDA1EF3065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/164520", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164520);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/30\");\n\n script_cve_id(\n \"CVE-2022-3038\",\n \"CVE-2022-3039\",\n \"CVE-2022-3040\",\n \"CVE-2022-3041\",\n \"CVE-2022-3042\",\n \"CVE-2022-3043\",\n \"CVE-2022-3044\",\n \"CVE-2022-3045\",\n \"CVE-2022-3046\",\n \"CVE-2022-3047\",\n \"CVE-2022-3048\",\n \"CVE-2022-3049\",\n \"CVE-2022-3050\",\n \"CVE-2022-3051\",\n \"CVE-2022-3052\",\n \"CVE-2022-3053\",\n \"CVE-2022-3054\",\n \"CVE-2022-3055\",\n \"CVE-2022-3056\",\n \"CVE-2022-3057\",\n \"CVE-2022-3058\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0346-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/04/20\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (f2043ff6-2916-11ed-a1ef-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the f2043ff6-2916-11ed-a1ef-3065ec8fd3ec advisory.\n\n - Use after free in Network Service. (CVE-2022-3038)\n\n - Use after free in WebSQL. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout. (CVE-2022-3040)\n\n - Use after free in PhoneHub. (CVE-2022-3042)\n\n - Heap buffer overflow in Screen Capture. (CVE-2022-3043)\n\n - Inappropriate implementation in Site Isolation. (CVE-2022-3044)\n\n - Insufficient validation of untrusted input in V8. (CVE-2022-3045)\n\n - Use after free in Browser Tag. (CVE-2022-3046)\n\n - Insufficient policy enforcement in Extensions API. (CVE-2022-3047)\n\n - Inappropriate implementation in Chrome OS lockscreen. (CVE-2022-3048)\n\n - Use after free in SplitScreen. (CVE-2022-3049)\n\n - Heap buffer overflow in WebUI. (CVE-2022-3050)\n\n - Heap buffer overflow in Exosphere. (CVE-2022-3051)\n\n - Heap buffer overflow in Window Manager. (CVE-2022-3052)\n\n - Inappropriate implementation in Pointer Lock. (CVE-2022-3053)\n\n - Insufficient policy enforcement in DevTools. (CVE-2022-3054)\n\n - Use after free in Passwords. (CVE-2022-3055)\n\n - Insufficient policy enforcement in Content Security Policy. (CVE-2022-3056)\n\n - Inappropriate implementation in iframe Sandbox. (CVE-2022-3057)\n\n - Use after free in Sign-In Flow. (CVE-2022-3058)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?613dc709\");\n # https://vuxml.freebsd.org/freebsd/f2043ff6-2916-11ed-a1ef-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?33f35751\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3058\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'chromium<105.0.5195.52'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-26T15:06:35", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5223 advisory.\n\n - Use after free in Network Service. (CVE-2022-3038)\n\n - Use after free in WebSQL. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout. (CVE-2022-3040)\n\n - Use after free in PhoneHub. (CVE-2022-3042)\n\n - Heap buffer overflow in Screen Capture. (CVE-2022-3043)\n\n - Inappropriate implementation in Site Isolation. (CVE-2022-3044)\n\n - Insufficient validation of untrusted input in V8. (CVE-2022-3045)\n\n - Use after free in Browser Tag. (CVE-2022-3046)\n\n - Insufficient policy enforcement in Extensions API. (CVE-2022-3047)\n\n - Inappropriate implementation in Chrome OS lockscreen. (CVE-2022-3048)\n\n - Use after free in SplitScreen. (CVE-2022-3049)\n\n - Heap buffer overflow in WebUI. (CVE-2022-3050)\n\n - Heap buffer overflow in Exosphere. (CVE-2022-3051)\n\n - Heap buffer overflow in Window Manager. (CVE-2022-3052)\n\n - Inappropriate implementation in Pointer Lock. (CVE-2022-3053)\n\n - Insufficient policy enforcement in DevTools. (CVE-2022-3054)\n\n - Use after free in Passwords. (CVE-2022-3055)\n\n - Insufficient policy enforcement in Content Security Policy. (CVE-2022-3056)\n\n - Inappropriate implementation in iframe Sandbox. (CVE-2022-3057)\n\n - Use after free in Sign-In Flow. (CVE-2022-3058)\n\n - Use after free in Tab Strip. (CVE-2022-3071)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-02T00:00:00", "type": "nessus", "title": "Debian DSA-5223-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071"], "modified": "2023-03-30T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "p-cpe:/a:debian:debian_linux:chromium-common", "p-cpe:/a:debian:debian_linux:chromium-driver", "p-cpe:/a:debian:debian_linux:chromium-l10n", "p-cpe:/a:debian:debian_linux:chromium-sandbox", "p-cpe:/a:debian:debian_linux:chromium-shell", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5223.NASL", "href": "https://www.tenable.com/plugins/nessus/164648", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5223. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164648);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/30\");\n\n script_cve_id(\n \"CVE-2022-3038\",\n \"CVE-2022-3039\",\n \"CVE-2022-3040\",\n \"CVE-2022-3041\",\n \"CVE-2022-3042\",\n \"CVE-2022-3043\",\n \"CVE-2022-3044\",\n \"CVE-2022-3045\",\n \"CVE-2022-3046\",\n \"CVE-2022-3047\",\n \"CVE-2022-3048\",\n \"CVE-2022-3049\",\n \"CVE-2022-3050\",\n \"CVE-2022-3051\",\n \"CVE-2022-3052\",\n \"CVE-2022-3053\",\n \"CVE-2022-3054\",\n \"CVE-2022-3055\",\n \"CVE-2022-3056\",\n \"CVE-2022-3057\",\n \"CVE-2022-3058\",\n \"CVE-2022-3071\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/04/20\");\n\n script_name(english:\"Debian DSA-5223-1 : chromium - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5223 advisory.\n\n - Use after free in Network Service. (CVE-2022-3038)\n\n - Use after free in WebSQL. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout. (CVE-2022-3040)\n\n - Use after free in PhoneHub. (CVE-2022-3042)\n\n - Heap buffer overflow in Screen Capture. (CVE-2022-3043)\n\n - Inappropriate implementation in Site Isolation. (CVE-2022-3044)\n\n - Insufficient validation of untrusted input in V8. (CVE-2022-3045)\n\n - Use after free in Browser Tag. (CVE-2022-3046)\n\n - Insufficient policy enforcement in Extensions API. (CVE-2022-3047)\n\n - Inappropriate implementation in Chrome OS lockscreen. (CVE-2022-3048)\n\n - Use after free in SplitScreen. (CVE-2022-3049)\n\n - Heap buffer overflow in WebUI. (CVE-2022-3050)\n\n - Heap buffer overflow in Exosphere. (CVE-2022-3051)\n\n - Heap buffer overflow in Window Manager. (CVE-2022-3052)\n\n - Inappropriate implementation in Pointer Lock. (CVE-2022-3053)\n\n - Insufficient policy enforcement in DevTools. (CVE-2022-3054)\n\n - Use after free in Passwords. (CVE-2022-3055)\n\n - Insufficient policy enforcement in Content Security Policy. (CVE-2022-3056)\n\n - Inappropriate implementation in iframe Sandbox. (CVE-2022-3057)\n\n - Use after free in Sign-In Flow. (CVE-2022-3058)\n\n - Use after free in Tab Strip. (CVE-2022-3071)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/chromium\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3044\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3071\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/chromium\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 105.0.5195.52-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3071\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'chromium', 'reference': '105.0.5195.52-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-common', 'reference': '105.0.5195.52-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-driver', 'reference': '105.0.5195.52-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-l10n', 'reference': '105.0.5195.52-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-sandbox', 'reference': '105.0.5195.52-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-shell', 'reference': '105.0.5195.52-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium / chromium-common / chromium-driver / chromium-l10n / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-26T15:07:34", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10120-1 advisory.\n\n - Use after free in Network Service. (CVE-2022-3038)\n\n - Use after free in WebSQL. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout. (CVE-2022-3040)\n\n - Use after free in PhoneHub. (CVE-2022-3042)\n\n - Heap buffer overflow in Screen Capture. (CVE-2022-3043)\n\n - Inappropriate implementation in Site Isolation. (CVE-2022-3044)\n\n - Insufficient validation of untrusted input in V8. (CVE-2022-3045)\n\n - Use after free in Browser Tag. (CVE-2022-3046)\n\n - Insufficient policy enforcement in Extensions API. (CVE-2022-3047)\n\n - Inappropriate implementation in Chrome OS lockscreen. (CVE-2022-3048)\n\n - Use after free in SplitScreen. (CVE-2022-3049)\n\n - Heap buffer overflow in WebUI. (CVE-2022-3050)\n\n - Heap buffer overflow in Exosphere. (CVE-2022-3051)\n\n - Heap buffer overflow in Window Manager. (CVE-2022-3052)\n\n - Inappropriate implementation in Pointer Lock. (CVE-2022-3053)\n\n - Insufficient policy enforcement in DevTools. (CVE-2022-3054)\n\n - Use after free in Passwords. (CVE-2022-3055)\n\n - Insufficient policy enforcement in Content Security Policy. (CVE-2022-3056)\n\n - Inappropriate implementation in iframe Sandbox. (CVE-2022-3057)\n\n - Use after free in Sign-In Flow. (CVE-2022-3058)\n\n - Use after free in Tab Strip. (CVE-2022-3071)\n\n - Insufficient data validation in Mojo. (CVE-2022-3075)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-16T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10120-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071", "CVE-2022-3075"], "modified": "2023-03-30T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-10120-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165221", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10120-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165221);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/30\");\n\n script_cve_id(\n \"CVE-2022-3038\",\n \"CVE-2022-3039\",\n \"CVE-2022-3040\",\n \"CVE-2022-3041\",\n \"CVE-2022-3042\",\n \"CVE-2022-3043\",\n \"CVE-2022-3044\",\n \"CVE-2022-3045\",\n \"CVE-2022-3046\",\n \"CVE-2022-3047\",\n \"CVE-2022-3048\",\n \"CVE-2022-3049\",\n \"CVE-2022-3050\",\n \"CVE-2022-3051\",\n \"CVE-2022-3052\",\n \"CVE-2022-3053\",\n \"CVE-2022-3054\",\n \"CVE-2022-3055\",\n \"CVE-2022-3056\",\n \"CVE-2022-3057\",\n \"CVE-2022-3058\",\n \"CVE-2022-3071\",\n \"CVE-2022-3075\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/29\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/04/20\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10120-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10120-1 advisory.\n\n - Use after free in Network Service. (CVE-2022-3038)\n\n - Use after free in WebSQL. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout. (CVE-2022-3040)\n\n - Use after free in PhoneHub. (CVE-2022-3042)\n\n - Heap buffer overflow in Screen Capture. (CVE-2022-3043)\n\n - Inappropriate implementation in Site Isolation. (CVE-2022-3044)\n\n - Insufficient validation of untrusted input in V8. (CVE-2022-3045)\n\n - Use after free in Browser Tag. (CVE-2022-3046)\n\n - Insufficient policy enforcement in Extensions API. (CVE-2022-3047)\n\n - Inappropriate implementation in Chrome OS lockscreen. (CVE-2022-3048)\n\n - Use after free in SplitScreen. (CVE-2022-3049)\n\n - Heap buffer overflow in WebUI. (CVE-2022-3050)\n\n - Heap buffer overflow in Exosphere. (CVE-2022-3051)\n\n - Heap buffer overflow in Window Manager. (CVE-2022-3052)\n\n - Inappropriate implementation in Pointer Lock. (CVE-2022-3053)\n\n - Insufficient policy enforcement in DevTools. (CVE-2022-3054)\n\n - Use after free in Passwords. (CVE-2022-3055)\n\n - Insufficient policy enforcement in Content Security Policy. (CVE-2022-3056)\n\n - Inappropriate implementation in iframe Sandbox. (CVE-2022-3057)\n\n - Use after free in Sign-In Flow. (CVE-2022-3058)\n\n - Use after free in Tab Strip. (CVE-2022-3071)\n\n - Insufficient data validation in Mojo. (CVE-2022-3075)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202403\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203102\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2EVLCBABO7RGGUVQCAZPA7MNGKWHWCJN/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?425ec14b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3044\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3071\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3075\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3071\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3075\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-105.0.5195.102-bp153.2.119.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-105.0.5195.102-bp153.2.119.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-105.0.5195.102-bp153.2.119.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-105.0.5195.102-bp153.2.119.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-26T15:07:08", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10119-1 advisory.\n\n - Use after free in Network Service. (CVE-2022-3038)\n\n - Use after free in WebSQL. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout. (CVE-2022-3040)\n\n - Use after free in PhoneHub. (CVE-2022-3042)\n\n - Heap buffer overflow in Screen Capture. (CVE-2022-3043)\n\n - Inappropriate implementation in Site Isolation. (CVE-2022-3044)\n\n - Insufficient validation of untrusted input in V8. (CVE-2022-3045)\n\n - Use after free in Browser Tag. (CVE-2022-3046)\n\n - Insufficient policy enforcement in Extensions API. (CVE-2022-3047)\n\n - Inappropriate implementation in Chrome OS lockscreen. (CVE-2022-3048)\n\n - Use after free in SplitScreen. (CVE-2022-3049)\n\n - Heap buffer overflow in WebUI. (CVE-2022-3050)\n\n - Heap buffer overflow in Exosphere. (CVE-2022-3051)\n\n - Heap buffer overflow in Window Manager. (CVE-2022-3052)\n\n - Inappropriate implementation in Pointer Lock. (CVE-2022-3053)\n\n - Insufficient policy enforcement in DevTools. (CVE-2022-3054)\n\n - Use after free in Passwords. (CVE-2022-3055)\n\n - Insufficient policy enforcement in Content Security Policy. (CVE-2022-3056)\n\n - Inappropriate implementation in iframe Sandbox. (CVE-2022-3057)\n\n - Use after free in Sign-In Flow. (CVE-2022-3058)\n\n - Use after free in Tab Strip. (CVE-2022-3071)\n\n - Insufficient data validation in Mojo. (CVE-2022-3075)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-13T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10119-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071", "CVE-2022-3075"], "modified": "2023-03-30T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.4"], "id": "OPENSUSE-2022-10119-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164951", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10119-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164951);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/30\");\n\n script_cve_id(\n \"CVE-2022-3038\",\n \"CVE-2022-3039\",\n \"CVE-2022-3040\",\n \"CVE-2022-3041\",\n \"CVE-2022-3042\",\n \"CVE-2022-3043\",\n \"CVE-2022-3044\",\n \"CVE-2022-3045\",\n \"CVE-2022-3046\",\n \"CVE-2022-3047\",\n \"CVE-2022-3048\",\n \"CVE-2022-3049\",\n \"CVE-2022-3050\",\n \"CVE-2022-3051\",\n \"CVE-2022-3052\",\n \"CVE-2022-3053\",\n \"CVE-2022-3054\",\n \"CVE-2022-3055\",\n \"CVE-2022-3056\",\n \"CVE-2022-3057\",\n \"CVE-2022-3058\",\n \"CVE-2022-3071\",\n \"CVE-2022-3075\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/29\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/04/20\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10119-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10119-1 advisory.\n\n - Use after free in Network Service. (CVE-2022-3038)\n\n - Use after free in WebSQL. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout. (CVE-2022-3040)\n\n - Use after free in PhoneHub. (CVE-2022-3042)\n\n - Heap buffer overflow in Screen Capture. (CVE-2022-3043)\n\n - Inappropriate implementation in Site Isolation. (CVE-2022-3044)\n\n - Insufficient validation of untrusted input in V8. (CVE-2022-3045)\n\n - Use after free in Browser Tag. (CVE-2022-3046)\n\n - Insufficient policy enforcement in Extensions API. (CVE-2022-3047)\n\n - Inappropriate implementation in Chrome OS lockscreen. (CVE-2022-3048)\n\n - Use after free in SplitScreen. (CVE-2022-3049)\n\n - Heap buffer overflow in WebUI. (CVE-2022-3050)\n\n - Heap buffer overflow in Exosphere. (CVE-2022-3051)\n\n - Heap buffer overflow in Window Manager. (CVE-2022-3052)\n\n - Inappropriate implementation in Pointer Lock. (CVE-2022-3053)\n\n - Insufficient policy enforcement in DevTools. (CVE-2022-3054)\n\n - Use after free in Passwords. (CVE-2022-3055)\n\n - Insufficient policy enforcement in Content Security Policy. (CVE-2022-3056)\n\n - Inappropriate implementation in iframe Sandbox. (CVE-2022-3057)\n\n - Use after free in Sign-In Flow. (CVE-2022-3058)\n\n - Use after free in Tab Strip. (CVE-2022-3071)\n\n - Insufficient data validation in Mojo. (CVE-2022-3075)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202403\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203102\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GAVZ7A2NRXHLI7C5TFF7GQHYKEGQIQRR/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?492af222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3044\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3071\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3075\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3071\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3075\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.4\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.4', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-105.0.5195.102-bp154.2.26.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-105.0.5195.102-bp154.2.26.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-105.0.5195.102-bp154.2.26.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-105.0.5195.102-bp154.2.26.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-26T15:06:37", "description": "The remote host is affected by the vulnerability described in GLSA-202209-23 (Chromium, Google Chrome, Microsoft Edge:\nMultiple Vulnerabilities)\n\n - Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3038)\n\n - Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3040)\n\n - Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3042)\n\n - Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3043)\n\n - Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.\n (CVE-2022-3044)\n\n - Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3045)\n\n - Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-3046)\n\n - Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. (CVE-2022-3047)\n\n - Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device.\n (CVE-2022-3048)\n\n - Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3049)\n\n - Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (CVE-2022-3050)\n\n - Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (CVE-2022-3051)\n\n - Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (CVE-2022-3052)\n\n - Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page. (CVE-2022-3053)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3054)\n\n - Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3055)\n\n - Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page. (CVE-2022-3056)\n\n - Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-3057)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. (CVE-2022-3058)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. (CVE-2022-3071)\n\n - Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-3075)\n\n - Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (CVE-2022-3195)\n\n - Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (CVE-2022-3196, CVE-2022-3197, CVE-2022-3198)\n\n - Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3199)\n\n - Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3200)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (CVE-2022-3201)\n\n - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. (CVE-2022-38012)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-29T00:00:00", "type": "nessus", "title": "GLSA-202209-23 : Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071", "CVE-2022-3075", "CVE-2022-3195", "CVE-2022-3196", "CVE-2022-3197", "CVE-2022-3198", "CVE-2022-3199", "CVE-2022-3200", "CVE-2022-3201", "CVE-2022-38012"], "modified": "2023-03-30T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "p-cpe:/a:gentoo:linux:chromium-bin", "p-cpe:/a:gentoo:linux:google-chrome", "p-cpe:/a:gentoo:linux:microsoft-edge", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202209-23.NASL", "href": "https://www.tenable.com/plugins/nessus/165535", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202209-23.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165535);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/30\");\n\n script_cve_id(\n \"CVE-2022-3038\",\n \"CVE-2022-3039\",\n \"CVE-2022-3040\",\n \"CVE-2022-3041\",\n \"CVE-2022-3042\",\n \"CVE-2022-3043\",\n \"CVE-2022-3044\",\n \"CVE-2022-3045\",\n \"CVE-2022-3046\",\n \"CVE-2022-3047\",\n \"CVE-2022-3048\",\n \"CVE-2022-3049\",\n \"CVE-2022-3050\",\n \"CVE-2022-3051\",\n \"CVE-2022-3052\",\n \"CVE-2022-3053\",\n \"CVE-2022-3054\",\n \"CVE-2022-3055\",\n \"CVE-2022-3056\",\n \"CVE-2022-3057\",\n \"CVE-2022-3058\",\n \"CVE-2022-3071\",\n \"CVE-2022-3075\",\n \"CVE-2022-3195\",\n \"CVE-2022-3196\",\n \"CVE-2022-3197\",\n \"CVE-2022-3198\",\n \"CVE-2022-3199\",\n \"CVE-2022-3200\",\n \"CVE-2022-3201\",\n \"CVE-2022-38012\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/29\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/04/20\");\n script_xref(name:\"IAVA\", value:\"2022-A-0388-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0394-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0396-S\");\n\n script_name(english:\"GLSA-202209-23 : Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202209-23 (Chromium, Google Chrome, Microsoft Edge:\nMultiple Vulnerabilities)\n\n - Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3038)\n\n - Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-3040)\n\n - Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3042)\n\n - Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a\n remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2022-3043)\n\n - Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.\n (CVE-2022-3044)\n\n - Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3045)\n\n - Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-3046)\n\n - Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an\n attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted\n HTML page. (CVE-2022-3047)\n\n - Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52\n allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device.\n (CVE-2022-3048)\n\n - Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a\n remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2022-3049)\n\n - Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote\n attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption\n via crafted UI interactions. (CVE-2022-3050)\n\n - Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a\n remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap\n corruption via crafted UI interactions. (CVE-2022-3051)\n\n - Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52\n allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially\n exploit heap corruption via crafted UI interactions. (CVE-2022-3052)\n\n - Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a\n remote attacker to restrict user navigation via a crafted HTML page. (CVE-2022-3053)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3054)\n\n - Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-3055)\n\n - Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed\n a remote attacker to bypass content security policy via a crafted HTML page. (CVE-2022-3056)\n\n - Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-3057)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted\n UI interaction. (CVE-2022-3058)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote\n attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption\n via crafted UI interaction. (CVE-2022-3071)\n\n - Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker\n who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-3075)\n\n - Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to\n perform an out of bounds memory write via a crafted HTML page. (CVE-2022-3195)\n\n - Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially\n exploit heap corruption via a crafted PDF file. (CVE-2022-3196, CVE-2022-3197, CVE-2022-3198)\n\n - Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-3199)\n\n - Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3200)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to\n 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass\n navigation restrictions via a crafted HTML page. (CVE-2022-3201)\n\n - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. (CVE-2022-38012)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202209-23\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=868156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=868354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=870142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=872407\");\n script_set_attribute(attribute:\"solution\", value:\n\"All Chromium users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/chromium-105.0.5195.125\n \nAll Chromium binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/chromium-bin-105.0.5195.125\n \nAll Google Chrome users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/google-chrome-105.0.5195.125\n \nAll Microsoft Edge users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/microsoft-edge-105.0.1343.42\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3199\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3200\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:microsoft-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : \"www-client/chromium\",\n 'unaffected' : make_list(\"ge 105.0.5195.125\", \"lt 105.0.0\"),\n 'vulnerable' : make_list(\"lt 105.0.5195.125\")\n },\n {\n 'name' : \"www-client/chromium-bin\",\n 'unaffected' : make_list(\"ge 105.0.5195.125\", \"lt 105.0.0\"),\n 'vulnerable' : make_list(\"lt 105.0.5195.125\")\n },\n {\n 'name' : \"www-client/google-chrome\",\n 'unaffected' : make_list(\"ge 105.0.5195.125\", \"lt 105.0.0\"),\n 'vulnerable' : make_list(\"lt 105.0.5195.125\")\n },\n {\n 'name' : \"www-client/microsoft-edge\",\n 'unaffected' : make_list(\"ge 105.0.1343.42\", \"lt 105.0.0\"),\n 'vulnerable' : make_list(\"lt 105.0.1343.42\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n# This plugin has a different number of unaffected and vulnerable versions for\n# one or more packages. To ensure proper detection, a separate line should be \n# used for each fixed/vulnerable version pair.\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n qpkg_tests = list_uniq(qpkg_tests);\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / Google Chrome / Microsoft Edge\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-26T15:13:36", "description": "The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-b49c9bc07a advisory.\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2603)\n\n - Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2604)\n\n - Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2605)\n\n - Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2606)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2607)\n\n - Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2608)\n\n - Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2609)\n\n - Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2610)\n\n - Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-2611)\n\n - Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2022-2612)\n\n - Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2613)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2614)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2615)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension. (CVE-2022-2616)\n\n - Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2617)\n\n - Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file . (CVE-2022-2618)\n\n - Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2022-2619)\n\n - Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2620)\n\n - Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.\n (CVE-2022-2621)\n\n - Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.\n (CVE-2022-2622)\n\n - Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2623)\n\n - Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (CVE-2022-2624)\n\n - Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2852)\n\n - Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2853)\n\n - Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2854)\n\n - Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2855)\n\n - Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.\n (CVE-2022-2856)\n\n - Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2857)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (CVE-2022-2858)\n\n - Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2859)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page. (CVE-2022-2860)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page. (CVE-2022-2861)\n\n - Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3038)\n\n - Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3040)\n\n - Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3042)\n\n - Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3043)\n\n - Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.\n (CVE-2022-3044)\n\n - Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3045)\n\n - Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-3046)\n\n - Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. (CVE-2022-3047)\n\n - Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device.\n (CVE-2022-3048)\n\n - Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3049)\n\n - Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (CVE-2022-3050)\n\n - Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (CVE-2022-3051)\n\n - Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (CVE-2022-3052)\n\n - Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page. (CVE-2022-3053)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3054)\n\n - Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3055)\n\n - Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page. (CVE-2022-3056)\n\n - Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-3057)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. (CVE-2022-3058)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. (CVE-2022-3071)\n\n - Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-3075)\n\n - Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3195)\n\n - Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) (CVE-2022-3196, CVE-2022-3197, CVE-2022-3198)\n\n - Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3199)\n\n - Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3200)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3201)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-22T00:00:00", "type": "nessus", "title": "Fedora 36 : chromium (2022-b49c9bc07a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2603", "CVE-2022-2604", "CVE-2022-2605", "CVE-2022-2606", "CVE-2022-2607", "CVE-2022-2608", "CVE-2022-2609", "CVE-2022-2610", "CVE-2022-2611", "CVE-2022-2612", "CVE-2022-2613", "CVE-2022-2614", "CVE-2022-2615", "CVE-2022-2616", "CVE-2022-2617", "CVE-2022-2618", "CVE-2022-2619", "CVE-2022-2620", "CVE-2022-2621", "CVE-2022-2622", "CVE-2022-2623", "CVE-2022-2624", "CVE-2022-2852", "CVE-2022-2853", "CVE-2022-2854", "CVE-2022-2855", "CVE-2022-2856", "CVE-2022-2857", "CVE-2022-2858", "CVE-2022-2859", "CVE-2022-2860", "CVE-2022-2861", "CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071", "CVE-2022-3075", "CVE-2022-3195", "CVE-2022-3196", "CVE-2022-3197", "CVE-2022-3198", "CVE-2022-3199", "CVE-2022-3200", "CVE-2022-3201"], "modified": "2023-03-30T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:36", "p-cpe:/a:fedoraproject:fedora:chromium"], "id": "FEDORA_2022-B49C9BC07A.NASL", "href": "https://www.tenable.com/plugins/nessus/169151", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2022-b49c9bc07a\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169151);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/30\");\n\n script_cve_id(\n \"CVE-2022-2007\",\n \"CVE-2022-2008\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\",\n \"CVE-2022-2603\",\n \"CVE-2022-2604\",\n \"CVE-2022-2605\",\n \"CVE-2022-2606\",\n \"CVE-2022-2607\",\n \"CVE-2022-2608\",\n \"CVE-2022-2609\",\n \"CVE-2022-2610\",\n \"CVE-2022-2611\",\n \"CVE-2022-2612\",\n \"CVE-2022-2613\",\n \"CVE-2022-2614\",\n \"CVE-2022-2615\",\n \"CVE-2022-2616\",\n \"CVE-2022-2617\",\n \"CVE-2022-2618\",\n \"CVE-2022-2619\",\n \"CVE-2022-2620\",\n \"CVE-2022-2621\",\n \"CVE-2022-2622\",\n \"CVE-2022-2623\",\n \"CVE-2022-2624\",\n \"CVE-2022-2852\",\n \"CVE-2022-2853\",\n \"CVE-2022-2854\",\n \"CVE-2022-2855\",\n \"CVE-2022-2856\",\n \"CVE-2022-2857\",\n \"CVE-2022-2858\",\n \"CVE-2022-2859\",\n \"CVE-2022-2860\",\n \"CVE-2022-2861\",\n \"CVE-2022-3038\",\n \"CVE-2022-3039\",\n \"CVE-2022-3040\",\n \"CVE-2022-3041\",\n \"CVE-2022-3042\",\n \"CVE-2022-3043\",\n \"CVE-2022-3044\",\n \"CVE-2022-3045\",\n \"CVE-2022-3046\",\n \"CVE-2022-3047\",\n \"CVE-2022-3048\",\n \"CVE-2022-3049\",\n \"CVE-2022-3050\",\n \"CVE-2022-3051\",\n \"CVE-2022-3052\",\n \"CVE-2022-3053\",\n \"CVE-2022-3054\",\n \"CVE-2022-3055\",\n \"CVE-2022-3056\",\n \"CVE-2022-3057\",\n \"CVE-2022-3058\",\n \"CVE-2022-3071\",\n \"CVE-2022-3075\",\n \"CVE-2022-3195\",\n \"CVE-2022-3196\",\n \"CVE-2022-3197\",\n \"CVE-2022-3198\",\n \"CVE-2022-3199\",\n \"CVE-2022-3200\",\n \"CVE-2022-3201\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/29\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/04/20\");\n script_xref(name:\"FEDORA\", value:\"2022-b49c9bc07a\");\n\n script_name(english:\"Fedora 36 : chromium (2022-b49c9bc07a)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2022-b49c9bc07a advisory.\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who\n had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2603)\n\n - Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2604)\n\n - Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2605)\n\n - Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker\n who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-2606)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker\n who convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2607)\n\n - Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via specific UI interactions. (CVE-2022-2608)\n\n - Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via specific UI interactions. (CVE-2022-2609)\n\n - Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2610)\n\n - Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed\n a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-2611)\n\n - Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker who had compromised the renderer process to obtain potentially sensitive information from\n process memory via a crafted HTML page. (CVE-2022-2612)\n\n - Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to enage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2613)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2614)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2615)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker\n who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a\n crafted Chrome Extension. (CVE-2022-2616)\n\n - Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced\n a user to install a malicious extension to potentially exploit heap corruption via specific UI\n interactions. (CVE-2022-2617)\n\n - Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker to bypass download restrictions via a malicious file . (CVE-2022-2618)\n\n - Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an\n attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged\n page via a crafted HTML page. (CVE-2022-2619)\n\n - Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2620)\n\n - Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.\n (CVE-2022-2621)\n\n - Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to\n 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.\n (CVE-2022-2622)\n\n - Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2623)\n\n - Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via a\n crafted PDF file. (CVE-2022-2624)\n\n - Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2852)\n\n - Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote\n attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted\n HTML page. (CVE-2022-2853)\n\n - Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2854)\n\n - Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2855)\n\n - Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101\n allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.\n (CVE-2022-2856)\n\n - Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2857)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to\n potentially exploit heap corruption via specific UI interaction. (CVE-2022-2858)\n\n - Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific\n UI interactions. (CVE-2022-2859)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote\n attacker to bypass cookie prefix restrictions via a crafted HTML page. (CVE-2022-2860)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an\n attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via\n a crafted HTML page. (CVE-2022-2861)\n\n - Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3038)\n\n - Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-3040)\n\n - Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3042)\n\n - Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a\n remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2022-3043)\n\n - Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.\n (CVE-2022-3044)\n\n - Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3045)\n\n - Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-3046)\n\n - Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an\n attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted\n HTML page. (CVE-2022-3047)\n\n - Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52\n allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device.\n (CVE-2022-3048)\n\n - Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a\n remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2022-3049)\n\n - Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote\n attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption\n via crafted UI interactions. (CVE-2022-3050)\n\n - Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a\n remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap\n corruption via crafted UI interactions. (CVE-2022-3051)\n\n - Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52\n allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially\n exploit heap corruption via crafted UI interactions. (CVE-2022-3052)\n\n - Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a\n remote attacker to restrict user navigation via a crafted HTML page. (CVE-2022-3053)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3054)\n\n - Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-3055)\n\n - Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed\n a remote attacker to bypass content security policy via a crafted HTML page. (CVE-2022-3056)\n\n - Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-3057)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted\n UI interaction. (CVE-2022-3058)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote\n attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption\n via crafted UI interaction. (CVE-2022-3071)\n\n - Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker\n who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-3075)\n\n - Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to\n perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-3195)\n\n - Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially\n exploit heap corruption via a crafted PDF file. (Chromium security severity: High) (CVE-2022-3196,\n CVE-2022-3197, CVE-2022-3198)\n\n - Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3199)\n\n - Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-3200)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to\n 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass\n navigation restrictions via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3201)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2022-b49c9bc07a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3199\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3075\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:36\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^36([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 36', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'chromium-105.0.5195.125-2.fc36', 'release':'FC36', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-26T15:12:58", "description": "The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-3ca063941b advisory.\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2603)\n\n - Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2604)\n\n - Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2605)\n\n - Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2606)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2607)\n\n - Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2608)\n\n - Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2609)\n\n - Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2610)\n\n - Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-2611)\n\n - Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2022-2612)\n\n - Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2613)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2614)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2615)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension. (CVE-2022-2616)\n\n - Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2617)\n\n - Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file . (CVE-2022-2618)\n\n - Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2022-2619)\n\n - Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2620)\n\n - Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.\n (CVE-2022-2621)\n\n - Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.\n (CVE-2022-2622)\n\n - Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2623)\n\n - Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (CVE-2022-2624)\n\n - Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2852)\n\n - Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2853)\n\n - Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2854)\n\n - Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2855)\n\n - Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.\n (CVE-2022-2856)\n\n - Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2857)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (CVE-2022-2858)\n\n - Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2859)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page. (CVE-2022-2860)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page. (CVE-2022-2861)\n\n - Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3038)\n\n - Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3040)\n\n - Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3042)\n\n - Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3043)\n\n - Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.\n (CVE-2022-3044)\n\n - Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3045)\n\n - Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-3046)\n\n - Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. (CVE-2022-3047)\n\n - Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device.\n (CVE-2022-3048)\n\n - Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3049)\n\n - Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (CVE-2022-3050)\n\n - Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (CVE-2022-3051)\n\n - Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (CVE-2022-3052)\n\n - Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page. (CVE-2022-3053)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3054)\n\n - Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3055)\n\n - Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page. (CVE-2022-3056)\n\n - Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-3057)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. (CVE-2022-3058)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. (CVE-2022-3071)\n\n - Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-3075)\n\n - Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3195)\n\n - Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) (CVE-2022-3196, CVE-2022-3197, CVE-2022-3198)\n\n - Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3199)\n\n - Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3200)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3201)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-22T00:00:00", "type": "nessus", "title": "Fedora 35 : chromium (2022-3ca063941b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2603", "CVE-2022-2604", "CVE-2022-2605", "CVE-2022-2606", "CVE-2022-2607", "CVE-2022-2608", "CVE-2022-2609", "CVE-2022-2610", "CVE-2022-2611", "CVE-2022-2612", "CVE-2022-2613", "CVE-2022-2614", "CVE-2022-2615", "CVE-2022-2616", "CVE-2022-2617", "CVE-2022-2618", "CVE-2022-2619", "CVE-2022-2620", "CVE-2022-2621", "CVE-2022-2622", "CVE-2022-2623", "CVE-2022-2624", "CVE-2022-2852", "CVE-2022-2853", "CVE-2022-2854", "CVE-2022-2855", "CVE-2022-2856", "CVE-2022-2857", "CVE-2022-2858", "CVE-2022-2859", "CVE-2022-2860", "CVE-2022-2861", "CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071", "CVE-2022-3075", "CVE-2022-3195", "CVE-2022-3196", "CVE-2022-3197", "CVE-2022-3198", "CVE-2022-3199", "CVE-2022-3200", "CVE-2022-3201"], "modified": "2023-03-30T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:35", "p-cpe:/a:fedoraproject:fedora:chromium"], "id": "FEDORA_2022-3CA063941B.NASL", "href": "https://www.tenable.com/plugins/nessus/169098", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2022-3ca063941b\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169098);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/30\");\n\n script_cve_id(\n \"CVE-2022-2007\",\n \"CVE-2022-2008\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\",\n \"CVE-2022-2603\",\n \"CVE-2022-2604\",\n \"CVE-2022-2605\",\n \"CVE-2022-2606\",\n \"CVE-2022-2607\",\n \"CVE-2022-2608\",\n \"CVE-2022-2609\",\n \"CVE-2022-2610\",\n \"CVE-2022-2611\",\n \"CVE-2022-2612\",\n \"CVE-2022-2613\",\n \"CVE-2022-2614\",\n \"CVE-2022-2615\",\n \"CVE-2022-2616\",\n \"CVE-2022-2617\",\n \"CVE-2022-2618\",\n \"CVE-2022-2619\",\n \"CVE-2022-2620\",\n \"CVE-2022-2621\",\n \"CVE-2022-2622\",\n \"CVE-2022-2623\",\n \"CVE-2022-2624\",\n \"CVE-2022-2852\",\n \"CVE-2022-2853\",\n \"CVE-2022-2854\",\n \"CVE-2022-2855\",\n \"CVE-2022-2856\",\n \"CVE-2022-2857\",\n \"CVE-2022-2858\",\n \"CVE-2022-2859\",\n \"CVE-2022-2860\",\n \"CVE-2022-2861\",\n \"CVE-2022-3038\",\n \"CVE-2022-3039\",\n \"CVE-2022-3040\",\n \"CVE-2022-3041\",\n \"CVE-2022-3042\",\n \"CVE-2022-3043\",\n \"CVE-2022-3044\",\n \"CVE-2022-3045\",\n \"CVE-2022-3046\",\n \"CVE-2022-3047\",\n \"CVE-2022-3048\",\n \"CVE-2022-3049\",\n \"CVE-2022-3050\",\n \"CVE-2022-3051\",\n \"CVE-2022-3052\",\n \"CVE-2022-3053\",\n \"CVE-2022-3054\",\n \"CVE-2022-3055\",\n \"CVE-2022-3056\",\n \"CVE-2022-3057\",\n \"CVE-2022-3058\",\n \"CVE-2022-3071\",\n \"CVE-2022-3075\",\n \"CVE-2022-3195\",\n \"CVE-2022-3196\",\n \"CVE-2022-3197\",\n \"CVE-2022-3198\",\n \"CVE-2022-3199\",\n \"CVE-2022-3200\",\n \"CVE-2022-3201\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/29\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/04/20\");\n script_xref(name:\"FEDORA\", value:\"2022-3ca063941b\");\n\n script_name(english:\"Fedora 35 : chromium (2022-3ca063941b)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2022-3ca063941b advisory.\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who\n had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2603)\n\n - Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2604)\n\n - Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2605)\n\n - Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker\n who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-2606)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker\n who convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2607)\n\n - Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via specific UI interactions. (CVE-2022-2608)\n\n - Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via specific UI interactions. (CVE-2022-2609)\n\n - Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2610)\n\n - Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed\n a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-2611)\n\n - Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker who had compromised the renderer process to obtain potentially sensitive information from\n process memory via a crafted HTML page. (CVE-2022-2612)\n\n - Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to enage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2613)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2614)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2615)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker\n who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a\n crafted Chrome Extension. (CVE-2022-2616)\n\n - Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced\n a user to install a malicious extension to potentially exploit heap corruption via specific UI\n interactions. (CVE-2022-2617)\n\n - Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker to bypass download restrictions via a malicious file . (CVE-2022-2618)\n\n - Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an\n attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged\n page via a crafted HTML page. (CVE-2022-2619)\n\n - Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2620)\n\n - Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.\n (CVE-2022-2621)\n\n - Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to\n 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.\n (CVE-2022-2622)\n\n - Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2623)\n\n - Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via a\n crafted PDF file. (CVE-2022-2624)\n\n - Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2852)\n\n - Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote\n attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted\n HTML page. (CVE-2022-2853)\n\n - Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2854)\n\n - Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2855)\n\n - Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101\n allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.\n (CVE-2022-2856)\n\n - Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2857)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to\n potentially exploit heap corruption via specific UI interaction. (CVE-2022-2858)\n\n - Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific\n UI interactions. (CVE-2022-2859)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote\n attacker to bypass cookie prefix restrictions via a crafted HTML page. (CVE-2022-2860)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an\n attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via\n a crafted HTML page. (CVE-2022-2861)\n\n - Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3038)\n\n - Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-3040)\n\n - Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3042)\n\n - Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a\n remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2022-3043)\n\n - Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.\n (CVE-2022-3044)\n\n - Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3045)\n\n - Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-3046)\n\n - Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an\n attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted\n HTML page. (CVE-2022-3047)\n\n - Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52\n allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device.\n (CVE-2022-3048)\n\n - Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a\n remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2022-3049)\n\n - Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote\n attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption\n via crafted UI interactions. (CVE-2022-3050)\n\n - Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a\n remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap\n corruption via crafted UI interactions. (CVE-2022-3051)\n\n - Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52\n allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially\n exploit heap corruption via crafted UI interactions. (CVE-2022-3052)\n\n - Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a\n remote attacker to restrict user navigation via a crafted HTML page. (CVE-2022-3053)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3054)\n\n - Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-3055)\n\n - Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed\n a remote attacker to bypass content security policy via a crafted HTML page. (CVE-2022-3056)\n\n - Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-3057)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted\n UI interaction. (CVE-2022-3058)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote\n attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption\n via crafted UI interaction. (CVE-2022-3071)\n\n - Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker\n who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-3075)\n\n - Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to\n perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-3195)\n\n - Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially\n exploit heap corruption via a crafted PDF file. (Chromium security severity: High) (CVE-2022-3196,\n CVE-2022-3197, CVE-2022-3198)\n\n - Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3199)\n\n - Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-3200)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to\n 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass\n navigation restrictions via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3201)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2022-3ca063941b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3199\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3075\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:35\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^35([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 35', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'chromium-105.0.5195.125-2.fc35', 'release':'FC35', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "kaspersky": [{"lastseen": "2023-08-11T23:37:12", "description": "### *Detect date*:\n09/01/2022\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code.\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option) \n[Microsoft Edge update settings](<https://support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1>)\n\n### *Original advisories*:\n[CVE-2022-3053](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3053>) \n[CVE-2022-3039](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3039>) \n[CVE-2022-3041](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3041>) \n[CVE-2022-38012](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38012>) \n[CVE-2022-3047](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3047>) \n[CVE-2022-3045](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3045>) \n[CVE-2022-3054](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3054>) \n[CVE-2022-3058](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3058>) \n[CVE-2022-3057](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3057>) \n[CVE-2022-3046](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3046>) \n[CVE-2022-3044](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3044>) \n[CVE-2022-3040](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3040>) \n[CVE-2022-3055](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3055>) \n[CVE-2022-3056](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3056>) \n[CVE-2022-3038](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3038>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2022-3040](<https://vulners.com/cve/CVE-2022-3040>)5.0Critical \n[CVE-2022-3045](<https://vulners.com/cve/CVE-2022-3045>)5.0Critical \n[CVE-2022-3054](<https://vulners.com/cve/CVE-2022-3054>)5.0Critical \n[CVE-2022-3053](<https://vulners.com/cve/CVE-2022-3053>)5.0Critical \n[CVE-2022-3046](<https://vulners.com/cve/CVE-2022-3046>)5.0Critical \n[CVE-2022-3057](<https://vulners.com/cve/CVE-2022-3057>)5.0Critical \n[CVE-2022-3038](<https://vulners.com/cve/CVE-2022-3038>)5.0Critical \n[CVE-2022-3047](<https://vulners.com/cve/CVE-2022-3047>)5.0Critical \n[CVE-2022-3058](<https://vulners.com/cve/CVE-2022-3058>)5.0Critical \n[CVE-2022-3055](<https://vulners.com/cve/CVE-2022-3055>)5.0Critical \n[CVE-2022-3039](<https://vulners.com/cve/CVE-2022-3039>)5.0Critical \n[CVE-2022-3044](<https://vulners.com/cve/CVE-2022-3044>)5.0Critical \n[CVE-2022-3041](<https://vulners.com/cve/CVE-2022-3041>)5.0Critical \n[CVE-2022-3056](<https://vulners.com/cve/CVE-2022-3056>)5.0Critical \n[CVE-2022-38012](<https://vulners.com/cve/CVE-2022-38012>)5.0Critical\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-01T00:00:00", "type": "kaspersky", "title": "KLA15734 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-38012"], "modified": "2023-03-28T00:00:00", "id": "KLA15734", "href": "https://threats.kaspersky.com/en/vulnerability/KLA15734/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-11T23:37:24", "description": "### *Detect date*:\n08/30/2022\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nGoogle Chrome earlier than 105.0.5195.54\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2022-3040](<https://vulners.com/cve/CVE-2022-3040>)5.0Critical \n[CVE-2022-3045](<https://vulners.com/cve/CVE-2022-3045>)5.0Critical \n[CVE-2022-3054](<https://vulners.com/cve/CVE-2022-3054>)5.0Critical \n[CVE-2022-3053](<https://vulners.com/cve/CVE-2022-3053>)5.0Critical \n[CVE-2022-3046](<https://vulners.com/cve/CVE-2022-3046>)5.0Critical \n[CVE-2022-3057](<https://vulners.com/cve/CVE-2022-3057>)5.0Critical \n[CVE-2022-3038](<https://vulners.com/cve/CVE-2022-3038>)5.0Critical \n[CVE-2022-3047](<https://vulners.com/cve/CVE-2022-3047>)5.0Critical \n[CVE-2022-3058](<https://vulners.com/cve/CVE-2022-3058>)5.0Critical \n[CVE-2022-3051](<https://vulners.com/cve/CVE-2022-3051>)5.0Critical \n[CVE-2022-3048](<https://vulners.com/cve/CVE-2022-3048>)5.0Critical \n[CVE-2022-3043](<https://vulners.com/cve/CVE-2022-3043>)5.0Critical \n[CVE-2022-3055](<https://vulners.com/cve/CVE-2022-3055>)5.0Critical \n[CVE-2022-3052](<https://vulners.com/cve/CVE-2022-3052>)5.0Critical \n[CVE-2022-3039](<https://vulners.com/cve/CVE-2022-3039>)5.0Critical \n[CVE-2022-3044](<https://vulners.com/cve/CVE-2022-3044>)5.0Critical \n[CVE-2022-3050](<https://vulners.com/cve/CVE-2022-3050>)5.0Critical \n[CVE-2022-3042](<https://vulners.com/cve/CVE-2022-3042>)5.0Critical \n[CVE-2022-3041](<https://vulners.com/cve/CVE-2022-3041>)5.0Critical \n[CVE-2022-3056](<https://vulners.com/cve/CVE-2022-3056>)5.0Critical \n[CVE-2022-3049](<https://vulners.com/cve/CVE-2022-3049>)5.0Critical \n[CVE-2022-3071](<https://vulners.com/cve/CVE-2022-3071>)5.0Critical", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-30T00:00:00", "type": "kaspersky", "title": "KLA15732 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071"], "modified": "2023-07-27T00:00:00", "id": "KLA15732", "href": "https://threats.kaspersky.com/en/vulnerability/KLA15732/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-08-11T21:56:50", "description": "\n\nChrome Releases reports:\n\nThis release contains 24 security fixes, including:\n\n[1340253] Critical CVE-2022-3038: Use after free in Network Service. Reported by Sergei Glazunov of Google Project Zero on 2022-06-28\n[1343348] High CVE-2022-3039: Use after free in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11\n[1341539] High CVE-2022-3040: Use after free in Layout. Reported by Anonymous on 2022-07-03\n[1345947] High CVE-2022-3041: Use after free in WebSQL. Reported by Ziling Chen and Nan Wang(@eternalsakura13) of 360 Vulnerability Research Institute on 2022-07-20\n[1338553] High CVE-2022-3042: Use after free in PhoneHub. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22\n[1336979] High CVE-2022-3043: Heap buffer overflow in Screen Capture. Reported by @ginggilBesel on 2022-06-16\n[1051198] High CVE-2022-3044: Inappropriate implementation in Site Isolation. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-02-12\n[1339648] High CVE-2022-3045: Insufficient validation of untrusted input in V8. Reported by Ben Noordhuis <info@bnoordhuis.nl> on 2022-06-26\n[1346245] High CVE-2022-3046: Use after free in Browser Tag. Reported by Rong Jian of VRI on 2022-07-21\n[1342586] Medium CVE-2022-3047: Insufficient policy enforcement in Extensions API. Reported by Maurice Dauer on 2022-07-07\n[1303308] Medium CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen. Reported by Andr.Ess on 2022-03-06\n[1316892] Medium CVE-2022-3049: Use after free in SplitScreen. Reported by @ginggilBesel on 2022-04-17\n[1337132] Medium CVE-2022-3050: Heap buffer overflow in WebUI. Reported by Zhihua Yao of KunLun Lab on 2022-06-17\n[1345245] Medium CVE-2022-3051: Heap buffer overflow in Exosphere. Reported by @ginggilBesel on 2022-07-18\n[1346154] Medium CVE-2022-3052: Heap buffer overflow in Window Manager. Reported by Khalil Zhani on 2022-07-21\n[1267867] Medium CVE-2022-3053: Inappropriate implementation in Pointer Lock. Reported by Jesper van den Ende (Pelican Party Studios) on 2021-11-08\n[1290236] Medium CVE-2022-3054: Insufficient policy enforcement in DevTools. Reported by Kuilin Li on 2022-01-24\n[1351969] Medium CVE-2022-3055: Use after free in Passwords. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-11\n[1329460] Low CVE-2022-3056: Insufficient policy enforcement in Content Security Policy. Reported by Anonymous on 2022-05-26\n[1336904] Low CVE-2022-3057: Inappropriate implementation in iframe Sandbox. Reported by Gareth Heyes on 2022-06-16\n[1337676] Low CVE-2022-3058: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-06-20\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-30T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058"], "modified": "2022-08-30T00:00:00", "id": "F2043FF6-2916-11ED-A1EF-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/f2043ff6-2916-11ed-a1ef-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-09-02T00:14:20", "description": "\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 105.0.5195.52-1~deb11u1.\n\n\nWe recommend that you upgrade your chromium packages.\n\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/chromium](https://security-tracker.debian.org/tracker/chromium)\n\n\n", "cvss3": {}, "published": "2022-09-01T00:00:00", "type": "osv", "title": "chromium - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3042", "CVE-2022-3071", "CVE-2022-3040", "CVE-2022-3047", "CVE-2022-3058", "CVE-2022-3049", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3048", "CVE-2022-3055", "CVE-2022-3039", "CVE-2022-3044", "CVE-2022-3041", "CVE-2022-3050", "CVE-2022-3043", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3051", "CVE-2022-3038", "CVE-2022-3052"], "modified": "2022-09-02T00:14:18", "id": "OSV:DSA-5223-1", "href": "https://osv.dev/vulnerability/DSA-5223-1", "cvss": {"score": 0.0, "vector": "NONE"}}], "mageia": [{"lastseen": "2023-08-11T22:57:18", "description": "The chromium-browser-stable package has been updated to the new 105 branch with the 105.0.5195.102 version, fixing many bugs and 25 vulnerabilities. Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild. Some of the addressed CVE are listed below: High CVE-2022-3075: Insufficient data validation in Mojo. Reported by Anonymous on 2022-08-30 Critical CVE-2022-3038: Use after free in Network Service. Reported by Sergei Glazunov of Google Project Zero on 2022-06-28 High CVE-2022-3039: Use after free in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11 High CVE-2022-3040: Use after free in Layout. Reported by Anonymous on 2022-07-03 High CVE-2022-3041: Use after free in WebSQL. Reported by Ziling Chen and Nan Wang(@eternalsakura13) of 360 Vulnerability Research Institute on 2022-07-20 High CVE-2022-3042: Use after free in PhoneHub. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22 High CVE-2022-3043: Heap buffer overflow in Screen Capture. Reported by @ginggilBesel on 2022-06-16 High CVE-2022-3044: Inappropriate implementation in Site Isolation. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-02-12 High CVE-2022-3045: Insufficient validation of untrusted input in V8. Reported by Ben Noordhuis on 2022-06-26 High CVE-2022-3046: Use after free in Browser Tag. Reported by Rong Jian of VRI on 2022-07-21 High CVE-2022-3071: Use after free in Tab Strip. Reported by @ginggilBesel on 2022-06-06 Medium CVE-2022-3047: Insufficient policy enforcement in Extensions API. Reported by Maurice Dauer on 2022-07-07 Medium CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen. Reported by Andr.Ess on 2022-03-06 Medium CVE-2022-3049: Use after free in SplitScreen. Reported by @ginggilBesel on 2022-04-17 Medium CVE-2022-3050: Heap buffer overflow in WebUI. Reported by Zhihua Yao of KunLun Lab on 2022-06-17 Medium CVE-2022-3051: Heap buffer overflow in Exosphere. Reported by @ginggilBesel on 2022-07-18 Medium CVE-2022-3052: Heap buffer overflow in Window Manager. Reported by Khalil Zhani on 2022-07-21 Medium CVE-2022-3053: Inappropriate implementation in Pointer Lock. Reported by Jesper van den Ende (Pelican Party Studios) on 2021-11-08 Medium CVE-2022-3054: Insufficient policy enforcement in DevTools. Reported by Kuilin Li on 2022-01-24 Medium CVE-2022-3055: Use after free in Passwords. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-11 Low CVE-2022-3056: Insufficient policy enforcement in Content Security Policy. Reported by Anonymous on 2022-05-26 Low CVE-2022-3057: Inappropriate implementation in iframe Sandbox. Reported by Gareth Heyes on 2022-06-16 Low CVE-2022-3058: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-06-20 \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-09-04T19:47:19", "type": "mageia", "title": "Updated chromium-browser-stable packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071", "CVE-2022-3075"], "modified": "2022-09-04T19:47:15", "id": "MGASA-2022-0318", "href": "https://advisories.mageia.org/MGASA-2022-0318.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2023-08-16T14:52:59", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5223-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 01, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2022-3038 CVE-2022-3039 CVE-2022-3040 CVE-2022-3041 \n CVE-2022-3042 CVE-2022-3043 CVE-2022-3044 CVE-2022-3045 \n CVE-2022-3046 CVE-2022-3047 CVE-2022-3048 CVE-2022-3049 \n CVE-2022-3050 CVE-2022-3051 CVE-2022-3052 CVE-2022-3053 \n CVE-2022-3054 CVE-2022-3055 CVE-2022-3056 CVE-2022-3057 \n CVE-2022-3058 CVE-2022-3071\nDebian Bug : 987292\n\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 105.0.5195.52-1~deb11u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-01T19:22:26", "type": "debian", "title": "[SECURITY] [DSA 5223-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071"], "modified": "2022-09-01T19:22:26", "id": "DEBIAN:DSA-5223-1:94035", "href": "https://lists.debian.org/debian-security-announce/2022/msg00192.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-11-06T12:08:13", "description": "An update that fixes 23 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 105.0.5195.102 (boo#1203102):\n\n * CVE-2022-3075: Insufficient data validation in Mojo\n\n Chromium 105.0.5195.52 (boo#1202964):\n\n * CVE-2022-3038: Use after free in Network Service\n * CVE-2022-3039: Use after free in WebSQL\n * CVE-2022-3040: Use after free in Layout\n * CVE-2022-3041: Use after free in WebSQL\n * CVE-2022-3042: Use after free in PhoneHub\n * CVE-2022-3043: Heap buffer overflow in Screen Capture\n * CVE-2022-3044: Inappropriate implementation in Site Isolation\n * CVE-2022-3045: Insufficient validation of untrusted input in V8\n * CVE-2022-3046: Use after free in Browser Tag\n * CVE-2022-3071: Use after free in Tab Strip\n * CVE-2022-3047: Insufficient policy enforcement in Extensions API\n * CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen\n * CVE-2022-3049: Use after free in SplitScreen\n * CVE-2022-3050: Heap buffer overflow in WebUI\n * CVE-2022-3051: Heap buffer overflow in Exosphere\n * CVE-2022-3052: Heap buffer overflow in Window Manager\n * CVE-2022-3053: Inappropriate implementation in Pointer Lock\n * CVE-2022-3054: Insufficient policy enforcement in DevTools\n * CVE-2022-3055: Use after free in Passwords\n * CVE-2022-3056: Insufficient policy enforcement in Content Security Policy\n * CVE-2022-3057: Inappropriate implementation in iframe Sandbox\n * CVE-2022-3058: Use after free in Sign-In Flow\n\n - Update chromium-symbolic.svg: this fixes boo#1202403.\n\n - Fix quoting in chrome-wrapper, don't put cwd on LD_LIBRARY_PATH\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP4:\n\n zypper in -t patch openSUSE-2022-10119=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-09-12T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071", "CVE-2022-3075"], "modified": "2022-09-12T00:00:00", "id": "OPENSUSE-SU-2022:10119-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GAVZ7A2NRXHLI7C5TFF7GQHYKEGQIQRR/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-06T12:08:13", "description": "An update that fixes 23 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 105.0.5195.102 (boo#1203102):\n\n * CVE-2022-3075: Insufficient data validation in Mojo\n\n Chromium 105.0.5195.52 (boo#1202964):\n\n * CVE-2022-3038: Use after free in Network Service\n * CVE-2022-3039: Use after free in WebSQL\n * CVE-2022-3040: Use after free in Layout\n * CVE-2022-3041: Use after free in WebSQL\n * CVE-2022-3042: Use after free in PhoneHub\n * CVE-2022-3043: Heap buffer overflow in Screen Capture\n * CVE-2022-3044: Inappropriate implementation in Site Isolation\n * CVE-2022-3045: Insufficient validation of untrusted input in V8\n * CVE-2022-3046: Use after free in Browser Tag\n * CVE-2022-3071: Use after free in Tab Strip\n * CVE-2022-3047: Insufficient policy enforcement in Extensions API\n * CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen\n * CVE-2022-3049: Use after free in SplitScreen\n * CVE-2022-3050: Heap buffer overflow in WebUI\n * CVE-2022-3051: Heap buffer overflow in Exosphere\n * CVE-2022-3052: Heap buffer overflow in Window Manager\n * CVE-2022-3053: Inappropriate implementation in Pointer Lock\n * CVE-2022-3054: Insufficient policy enforcement in DevTools\n * CVE-2022-3055: Use after free in Passwords\n * CVE-2022-3056: Insufficient policy enforcement in Content Security Policy\n * CVE-2022-3057: Inappropriate implementation in iframe Sandbox\n * CVE-2022-3058: Use after free in Sign-In Flow\n\n - Update chromium-symbolic.svg: this fixes boo#1202403.\n - Fix quoting in chrome-wrapper, don't put cwd on LD_LIBRARY_PATH\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-10120=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-09-12T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071", "CVE-2022-3075"], "modified": "2022-09-12T00:00:00", "id": "OPENSUSE-SU-2022:10120-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2EVLCBABO7RGGUVQCAZPA7MNGKWHWCJN/", "cvss": {"score": 0.0, "vector": "NONE"}}], "chrome": [{"lastseen": "2023-08-26T20:48:13", "description": "The Chrome team is delighted to announce the promotion of Chrome 105 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.\n\n\n\nChrome 105.0.5195.52 ( Mac/linux) and 105.0.5195.52/53/54( Windows) contains a number of fixes and improvements -- a list of changes is available in the[ log](<https://chromium.googlesource.com/chromium/src/+log/104.0.5112.102..105.0.5195.54?pretty=fuller&n=10000>). Watch out for upcoming[ ](<https://chrome.blogspot.com/>)[Chrome](<https://chrome.blogspot.com/>) and[ Chromium](<https://blog.chromium.org/>) blog posts about new features and big efforts delivered in 105.\n\n\n\n\nSecurity Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes [2](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-0-M105>)_6_ security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n\n\n\n[$NA][[1340253](<https://crbug.com/1340253>)] Critical CVE-2022-3038: Use after free in Network Service. Reported by Sergei Glazunov of Google Project Zero on 2022-06-28\n\n[$7000][[1350909](<https://crbug.com/1350909>)] **High** CVE-2022-4912: Type Confusion in MathML. Reported by Anonymous _on 2022-08-08_\n\n[$10000][[1343348](<https://crbug.com/1343348>)] High CVE-2022-3039: Use after free in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11\n\n[$9000][[1341539](<https://crbug.com/1341539>)] High CVE-2022-3040: Use after free in Layout. Reported by Anonymous on 2022-07-03\n\n[$7500][[1345947](<https://crbug.com/1345947>)] High CVE-2022-3041: Use after free in WebSQL. Reported by Ziling Chen and Nan Wang(@eternalsakura13) of 360 Vulnerability Research Institute on 2022-07-20\n\n[$5000][[1338553](<https://crbug.com/1338553>)] High CVE-2022-3042: Use after free in PhoneHub. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22\n\n[$3000][[1336979](<https://crbug.com/1336979>)] High CVE-2022-3043: Heap buffer overflow in Screen Capture. Reported by @ginggilBesel on 2022-06-16\n\n[$NA][[1051198](<https://crbug.com/1051198>)] High CVE-2022-3044: Inappropriate implementation in Site Isolation. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-02-12\n\n[$TBD][[1339648](<https://crbug.com/1339648>)] High CVE-2022-3045: Insufficient validation of untrusted input in V8. Reported by Ben Noordhuis <info@bnoordhuis.nl> on 2022-06-26\n\n[$TBD][[1346245](<https://crbug.com/1346245>)] High CVE-2022-3046: Use after free in Browser Tag. Reported by Rong Jian of VRI on 2022-07-21\n\n[$3000][[1333995](<https://crbug.com/1333995>)] High CVE-2022-3071: Use after free in Tab Strip. Reported by @ginggilBesel on 2022-06-06\n\n[$NA][[1183604](<https://crbug.com/1183604>)] **High** CVE-2022-4913: Inappropriate implementation in Extensions. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research _on 2021-03-02_\n\n[$7000][[1342586](<https://crbug.com/1342586>)] Medium CVE-2022-3047: Insufficient policy enforcement in Extensions API. Reported by Maurice Dauer on 2022-07-07\n\n[$5000][[1303308](<https://crbug.com/1303308>)] Medium CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen. Reported by Andr.Ess on 2022-03-06\n\n[$3000][[1316892](<https://crbug.com/1316892>)] Medium CVE-2022-3049: Use after free in SplitScreen. Reported by @ginggilBesel on 2022-04-17\n\n[$3000][[1337132](<https://crbug.com/1337132>)] Medium CVE-2022-3050: Heap buffer overflow in WebUI. Reported by Zhihua Yao of KunLun Lab on 2022-06-17\n\n[$2000][[1345245](<https://crbug.com/1345245>)] Medium CVE-2022-3051: Heap buffer overflow in Exosphere. Reported by @ginggilBesel on 2022-07-18\n\n[$2000][[1346154](<https://crbug.com/1346154>)] Medium CVE-2022-3052: Heap buffer overflow in Window Manager. Reported by Khalil Zhani on 2022-07-21\n\n[$TBD][[1267867](<https://crbug.com/1267867>)] Medium CVE-2022-3053: Inappropriate implementation in Pointer Lock. Reported by Jesper van den Ende (Pelican Party Studios) on 2021-11-08\n\n[$TBD][[1290236](<https://crbug.com/1290236>)] Medium CVE-2022-3054: Insufficient policy enforcement in DevTools. Reported by Kuilin Li on 2022-01-24\n\n[$TBD][[1351969](<https://crbug.com/1351969>)] Medium CVE-2022-3055: Use after free in Passwords. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-11\n\n[$3000][[1329460](<https://crbug.com/1329460>)] Low CVE-2022-3056: Insufficient policy enforcement in Content Security Policy. Reported by Anonymous on 2022-05-26\n\n[$2000][[1336904](<https://crbug.com/1336904>)] Low CVE-2022-3057: Inappropriate implementation in iframe Sandbox. Reported by Gareth Heyes on 2022-06-16\n\n[$1000][[1337676](<https://crbug.com/1337676>)] Low CVE-2022-3058: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-06-20\n\n\n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. \n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1357881](<https://crbug.com/1357881>)] Various fixes from internal audits, fuzzing and other initiatives\n\n\n\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\n\n\n\n\n\n\n\nInterested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://support.google.com/chrome/community>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\n\n\n\n\nPrudhvikumar Bommana\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-30T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071", "CVE-2022-4912", "CVE-2022-4913"], "modified": "2022-08-30T00:00:00", "id": "GCSA-6098751293474831349", "href": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2023-08-11T22:41:41", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium, Google Chrome, Microsoft Edge. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-105.0.5195.125\"\n \n\nAll Chromium binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-bin-105.0.5195.125\"\n \n\nAll Google Chrome users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/google-chrome-105.0.5195.125\"\n \n\nAll Microsoft Edge users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/microsoft-edge-105.0.1343.42\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-09-29T00:00:00", "type": "gentoo", "title": "Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071", "CVE-2022-3075", "CVE-2022-3195", "CVE-2022-3196", "CVE-2022-3197", "CVE-2022-3198", "CVE-2022-3199", "CVE-2022-3200", "CVE-2022-3201", "CVE-2022-38012"], "modified": "2022-09-29T00:00:00", "id": "GLSA-202209-23", "href": "https://security.gentoo.org/glsa/202209-23", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2023-08-11T22:46:57", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-10-03T00:22:01", "type": "fedora", "title": "[SECURITY] Fedora 37 Update: chromium-105.0.5195.125-2.fc37", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2603", "CVE-2022-2604", "CVE-2022-2605", "CVE-2022-2606", "CVE-2022-2607", "CVE-2022-2608", "CVE-2022-2609", "CVE-2022-2610", "CVE-2022-2611", "CVE-2022-2612", "CVE-2022-2613", "CVE-2022-2614", "CVE-2022-2615", "CVE-2022-2616", "CVE-2022-2617", "CVE-2022-2618", "CVE-2022-2619", "CVE-2022-2620", "CVE-2022-2621", "CVE-2022-2622", "CVE-2022-2623", "CVE-2022-2624", "CVE-2022-2852", "CVE-2022-2853", "CVE-2022-2854", "CVE-2022-2855", "CVE-2022-2856", "CVE-2022-2857", "CVE-2022-2858", "CVE-2022-2859", "CVE-2022-2860", "CVE-2022-2861", "CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071", "CVE-2022-3075", "CVE-2022-3195", "CVE-2022-3196", "CVE-2022-3197", "CVE-2022-3198", "CVE-2022-3199", "CVE-2022-3200", "CVE-2022-3201"], "modified": "2022-10-03T00:22:01", "id": "FEDORA:63A16302C983", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-11T22:46:57", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-10-05T01:01:54", "type": "fedora", "title": "[SECURITY] Fedora 36 Update: chromium-105.0.5195.125-2.fc36", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2603", "CVE-2022-2604", "CVE-2022-2605", "CVE-2022-2606", "CVE-2022-2607", "CVE-2022-2608", "CVE-2022-2609", "CVE-2022-2610", "CVE-2022-2611", "CVE-2022-2612", "CVE-2022-2613", "CVE-2022-2614", "CVE-2022-2615", "CVE-2022-2616", "CVE-2022-2617", "CVE-2022-2618", "CVE-2022-2619", "CVE-2022-2620", "CVE-2022-2621", "CVE-2022-2622", "CVE-2022-2623", "CVE-2022-2624", "CVE-2022-2852", "CVE-2022-2853", "CVE-2022-2854", "CVE-2022-2855", "CVE-2022-2856", "CVE-2022-2857", "CVE-2022-2858", "CVE-2022-2859", "CVE-2022-2860", "CVE-2022-2861", "CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071", "CVE-2022-3075", "CVE-2022-3195", "CVE-2022-3196", "CVE-2022-3197", "CVE-2022-3198", "CVE-2022-3199", "CVE-2022-3200", "CVE-2022-3201"], "modified": "2022-10-05T01:01:54", "id": "FEDORA:16ADB302CDBA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ACB3ENEHQ55GVZKKYER7KSRXT3HUFV7D/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-11T22:46:57", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-10-05T01:05:03", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: chromium-105.0.5195.125-2.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2603", "CVE-2022-2604", "CVE-2022-2605", "CVE-2022-2606", "CVE-2022-2607", "CVE-2022-2608", "CVE-2022-2609", "CVE-2022-2610", "CVE-2022-2611", "CVE-2022-2612", "CVE-2022-2613", "CVE-2022-2614", "CVE-2022-2615", "CVE-2022-2616", "CVE-2022-2617", "CVE-2022-2618", "CVE-2022-2619", "CVE-2022-2620", "CVE-2022-2621", "CVE-2022-2622", "CVE-2022-2623", "CVE-2022-2624", "CVE-2022-2852", "CVE-2022-2853", "CVE-2022-2854", "CVE-2022-2855", "CVE-2022-2856", "CVE-2022-2857", "CVE-2022-2858", "CVE-2022-2859", "CVE-2022-2860", "CVE-2022-2861", "CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071", "CVE-2022-3075", "CVE-2022-3195", "CVE-2022-3196", "CVE-2022-3197", "CVE-2022-3198", "CVE-2022-3199", "CVE-2022-3200", "CVE-2022-3201"], "modified": "2022-10-05T01:05:03", "id": "FEDORA:C6FE430979BC", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LVOHGEQF56ZD3C5BZHVIWAXFM2Z3A2HV/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "rapid7blog": [{"lastseen": "2022-09-13T22:03:40", "description": "\n\nThis month\u2019s [Patch Tuesday](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep>) is on the lighter side, with 79 CVEs being fixed by Microsoft (including 16 CVEs affecting Chromium, used by their Edge browser, that were already available). One zero-day was announced: [CVE-2022-37969](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37969>) is an elevation of privilege vulnerability affecting the Log File System Driver in all supported versions of Windows, allowing attackers to gain SYSTEM-level access on an asset they\u2019ve already got an initial foothold in. Interestingly, Microsoft credits four separate researchers/organizations for independently reporting this, which may be indicative of relatively widespread exploitation. Also previously disclosed (in March), though less useful to attackers, Microsoft has released a fix for [CVE-2022-23960](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23960>) (aka Spectre-BHB) for Windows 11 on ARM64.\n\nSome of the more noteworthy vulnerabilities this month affect Windows systems with IPSec enabled. [CVE-2022-34718](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34718>) allows remote code execution (RCE) on any Windows system reachable via IPv6; [CVE-2022-34721](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34721>) and [CVE-2022-34722](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34722>) are RCE vulnerabilities in the Windows Internet Key Exchange (IKE) Protocol Extensions. All three CVEs are ranked Critical and carry a CVSSv3 base score of 9.8. Rounding out the Critical RCEs this month are [CVE-2022-35805](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35805>) and [CVE-2022-34700](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34700>), both of which affect Microsoft Dynamics (on-premise) and have a CVSSv3 base score of 8.8. Any such systems should be updated immediately.\n\nSharePoint administrators should also be aware of four separate RCEs being addressed this month. They\u2019re ranked Important, meaning Microsoft recommends applying the updates at the earliest opportunity. Finally, a large swath of CVEs affecting OLE DB Provider for SQL Server and the Microsoft ODBC Driver were also fixed. These require some social engineering to exploit, by convincing a user to either connect to a malicious SQL Server or open a maliciously crafted .mdb (Access) file.\n\n## Summary charts\n\n\n\n## Summary tables\n\n### Azure vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-38007](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38007>) | Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n \n### Browser vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-38012](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38012>) | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | No | No | 7.7 | Yes \n[CVE-2022-3075](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3075>) | Chromium: CVE-2022-3075 Insufficient data validation in Mojo | No | No | N/A | Yes \n[CVE-2022-3058](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3058>) | Chromium: CVE-2022-3058 Use after free in Sign-In Flow | No | No | N/A | Yes \n[CVE-2022-3057](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3057>) | Chromium: CVE-2022-3057 Inappropriate implementation in iframe Sandbox | No | No | N/A | Yes \n[CVE-2022-3056](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3056>) | Chromium: CVE-2022-3056 Insufficient policy enforcement in Content Security Policy | No | No | N/A | Yes \n[CVE-2022-3055](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3055>) | Chromium: CVE-2022-3055 Use after free in Passwords | No | No | N/A | Yes \n[CVE-2022-3054](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3054>) | Chromium: CVE-2022-3054 Insufficient policy enforcement in DevTools | No | No | N/A | Yes \n[CVE-2022-3053](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3053>) | Chromium: CVE-2022-3053 Inappropriate implementation in Pointer Lock | No | No | N/A | Yes \n[CVE-2022-3047](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3047>) | Chromium: CVE-2022-3047 Insufficient policy enforcement in Extensions API | No | No | N/A | Yes \n[CVE-2022-3046](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3046>) | Chromium: CVE-2022-3046 Use after free in Browser Tag | No | No | N/A | Yes \n[CVE-2022-3045](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3045>) | Chromium: CVE-2022-3045 Insufficient validation of untrusted input in V8 | No | No | N/A | Yes \n[CVE-2022-3044](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3044>) | Chromium: CVE-2022-3044 Inappropriate implementation in Site Isolation | No | No | N/A | Yes \n[CVE-2022-3041](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3041>) | Chromium: CVE-2022-3041 Use after free in WebSQL | No | No | N/A | Yes \n[CVE-2022-3040](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3040>) | Chromium: CVE-2022-3040 Use after free in Layout | No | No | N/A | Yes \n[CVE-2022-3039](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3039>) | Chromium: CVE-2022-3039 Use after free in WebSQL | No | No | N/A | Yes \n[CVE-2022-3038](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3038>) | Chromium: CVE-2022-3038 Use after free in Network Service | No | No | N/A | Yes \n \n### Developer Tools vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-26929](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26929>) | .NET Framework Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-38013](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38013>) | .NET Core and Visual Studio Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2022-38020](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38020>) | Visual Studio Code Elevation of Privilege Vulnerability | No | No | 7.3 | Yes \n \n### ESU vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-37964](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37964>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | No \n \n### Microsoft Dynamics vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-35805](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35805>) | Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-34700](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34700>) | Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n \n### Microsoft Office vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-38008](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38008>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-38009](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38009>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-37961](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37961>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-35823](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35823>) | Microsoft SharePoint Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-37962](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37962>) | Microsoft PowerPoint Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-38010](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38010>) | Microsoft Office Visio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37963](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37963>) | Microsoft Office Visio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n### System Center vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-35828](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35828>) | Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n \n### Windows vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-35841](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35841>) | Windows Enterprise App Management Service Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-30196](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30196>) | Windows Secure Channel Denial of Service Vulnerability | No | No | 8.2 | Yes \n[CVE-2022-37957](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37957>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37954](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37954>) | DirectX Graphics Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-38019](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38019>) | AV1 Video Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-35838](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35838>) | HTTP V3 Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2022-38011](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38011>) | Raw Image Extension Remote Code Execution Vulnerability | No | No | 7.3 | Yes \n[CVE-2022-26928](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26928>) | Windows Photo Import API Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-34725](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34725>) | Windows ALPC Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-37959](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37959>) | Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35831](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35831>) | Windows Remote Access Connection Manager Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-34723](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34723>) | Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-23960](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23960>) | Arm: CVE-2022-23960 Cache Speculation Restriction Vulnerability | No | Yes | N/A | Yes \n \n### Windows ESU vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-34718](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34718>) | Windows TCP/IP Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2022-34721](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34721>) | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2022-34722](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34722>) | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2022-35834](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35834>) | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-35835](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35835>) | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-35836](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35836>) | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-35840](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35840>) | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-34731](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34731>) | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-34733](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34733>) | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-34726](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34726>) | Microsoft ODBC Driver Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-34727](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34727>) | Microsoft ODBC Driver Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-34730](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34730>) | Microsoft ODBC Driver Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-34732](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34732>) | Microsoft ODBC Driver Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-34734](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34734>) | Microsoft ODBC Driver Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-33679](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33679>) | Windows Kerberos Elevation of Privilege Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-33647](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33647>) | Windows Kerberos Elevation of Privilege Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-35830](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35830>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-38005](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38005>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30200](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30200>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37956](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37956>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37955](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37955>) | Windows Group Policy Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-34729](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34729>) | Windows GDI Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-38004](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38004>) | Windows Fax Service Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-34719](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34719>) | Windows Distributed File System (DFS) Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37969](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37969>) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Yes | Yes | 7.8 | Yes \n[CVE-2022-35803](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35803>) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-35833](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35833>) | Windows Secure Channel Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2022-34720](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34720>) | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2022-34724](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34724>) | Windows DNS Server Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2022-37958](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37958>) | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30170](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30170>) | Windows Credential Roaming Service Elevation of Privilege Vulnerability | No | No | 7.3 | Yes \n[CVE-2022-38006](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38006>) | Windows Graphics Component Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-34728](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34728>) | Windows Graphics Component Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-35832](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35832>) | Windows Event Tracing Denial of Service Vulnerability | No | No | 5.5 | No \n[CVE-2022-35837](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35837>) | Windows Graphics Component Information Disclosure Vulnerability | No | No | 5 | Yes \n \n#### NEVER MISS A BLOG\n\nGet the latest stories, expertise, and news about security today.\n\nSubscribe", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T20:11:08", "type": "rapid7blog", "title": "Patch Tuesday - September 2022", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23960", "CVE-2022-26928", "CVE-2022-26929", "CVE-2022-30170", "CVE-2022-30196", "CVE-2022-30200", "CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3075", "CVE-2022-33647", "CVE-2022-33679", "CVE-2022-34700", "CVE-2022-34718", "CVE-2022-34719", "CVE-2022-34720", "CVE-2022-34721", "CVE-2022-34722", "CVE-2022-34723", "CVE-2022-34724", "CVE-2022-34725", "CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34728", "CVE-2022-34729", "CVE-2022-34730", "CVE-2022-34731", "CVE-2022-34732", "CVE-2022-34733", "CVE-2022-34734", "CVE-2022-35803", "CVE-2022-35805", "CVE-2022-35823", "CVE-2022-35828", "CVE-2022-35830", "CVE-2022-35831", "CVE-2022-35832", "CVE-2022-35833", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35837", "CVE-2022-35838", "CVE-2022-35840", "CVE-2022-35841", "CVE-2022-37954", "CVE-2022-37955", "CVE-2022-37956", "CVE-2022-37957", "CVE-2022-37958", "CVE-2022-37959", "CVE-2022-37961", "CVE-2022-37962", "CVE-2022-37963", "CVE-2022-37964", "CVE-2022-37969", "CVE-2022-38004", "CVE-2022-38005", "CVE-2022-38006", "CVE-2022-38007", "CVE-2022-38008", "CVE-2022-38009", "CVE-2022-38010", "CVE-2022-38011", "CVE-2022-38012", "CVE-2022-38013", "CVE-2022-38019", "CVE-2022-38020"], "modified": "2022-09-13T20:11:08", "id": "RAPID7BLOG:207700353EDB2453B1928E90A6683A0E", "href": "https://blog.rapid7.com/2022/09/13/patch-tuesday-september-2022/", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}]}
CVE-2022-3057
