DATABASE RESOURCES PRICING ABOUT US

{"id": "GLSA-202104-08", "vendorId": null, "type": "gentoo", "bulletinFamily": "unix", "title": "Chromium, Google Chrome: Multiple vulnerabilities", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. \n\nGoogle Chrome is one fast, simple, and secure browser for all your devices. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-90.0.4430.93\"\n \n\nAll Google Chrome users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/google-chrome-90.0.4430.93\"", "published": "2021-04-30T00:00:00", "modified": "2021-04-30T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0}, "href": "https://security.gentoo.org/glsa/202104-08", "reporter": "Gentoo Foundation", "references": [], "cvelist": ["CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21148", "CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157", "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-2119", "CVE-2021-21191", "CVE-2021-21192", "CVE-2021-21193", "CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199", "CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21206", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21220", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226", "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "immutableFields": [], "lastseen": "2022-01-17T18:59:29", "viewCount": 35, "enchantments": {"dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-202101-37", "ASA-202102-4", "ASA-202102-6", "ASA-202103-19", "ASA-202103-8", "ASA-202103-9", "ASA-202104-2", "ASA-202104-5", "ASA-202104-7"]}, {"type": "attackerkb", "idList": ["AKB:160D34D9-2175-4B27-87F8-0CED51121F50", "AKB:21C170FF-C7C6-4BFB-8AED-613970EDA44C", "AKB:7E06EF37-046E-4E9E-AD5A-F4C2477ECB9E", "AKB:B61D2687-96CE-4CE9-939F-9E35DA7814C4", "AKB:C300BC5A-FE8F-4274-AFA8-C1F47411FEC1", "AKB:DD1DB11A-039E-4C46-8789-1158839E5A3F", "AKB:DFA61FBF-688B-44E9-8B09-134E93207AD9"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0276", "CPAI-2021-0310", "CPAI-2021-0482", "CPAI-2021-0529", "CPAI-2021-0952"]}, {"type": "chrome", "idList": ["GCSA-1247606144415232205", "GCSA-273411975827701477", "GCSA-2763659147289736801", "GCSA-3185915322248637110", "GCSA-3736590772439839598", "GCSA-3803715665928870837", "GCSA-459312130044903550", "GCSA-5280375550425303743", "GCSA-569693837847055670", "GCSA-714493762241889915"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2021-21148", "CISA-KEV-CVE-2021-21166", "CISA-KEV-CVE-2021-21193", "CISA-KEV-CVE-2021-21206", "CISA-KEV-CVE-2021-21220", "CISA-KEV-CVE-2021-21224"]}, {"type": "cnvd", "idList": ["CNVD-2021-47672"]}, {"type": "cve", "idList": ["CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21148", "CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157", "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-2119", "CVE-2021-21191", "CVE-2021-21192", "CVE-2021-21193", "CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199", "CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21206", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21220", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226", "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4846-1:82C83", "DEBIAN:DSA-4846-1:CCE83", "DEBIAN:DSA-4858-1:7131E", "DEBIAN:DSA-4886-1:0EF07", "DEBIAN:DSA-4886-1:8DF2D", "DEBIAN:DSA-4906-1:4BE22", "DEBIAN:DSA-4911-1:18E30"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-21142", "DEBIANCVE:CVE-2021-21143", "DEBIANCVE:CVE-2021-21144", "DEBIANCVE:CVE-2021-21145", "DEBIANCVE:CVE-2021-21146", "DEBIANCVE:CVE-2021-21147", "DEBIANCVE:CVE-2021-21148", "DEBIANCVE:CVE-2021-21149", "DEBIANCVE:CVE-2021-21150", "DEBIANCVE:CVE-2021-21151", "DEBIANCVE:CVE-2021-21152", "DEBIANCVE:CVE-2021-21153", "DEBIANCVE:CVE-2021-21154", "DEBIANCVE:CVE-2021-21155", "DEBIANCVE:CVE-2021-21156", "DEBIANCVE:CVE-2021-21157", "DEBIANCVE:CVE-2021-21159", "DEBIANCVE:CVE-2021-21160", "DEBIANCVE:CVE-2021-21161", "DEBIANCVE:CVE-2021-21162", "DEBIANCVE:CVE-2021-21163", "DEBIANCVE:CVE-2021-21165", "DEBIANCVE:CVE-2021-21166", "DEBIANCVE:CVE-2021-21167", "DEBIANCVE:CVE-2021-21168", "DEBIANCVE:CVE-2021-21169", "DEBIANCVE:CVE-2021-21170", "DEBIANCVE:CVE-2021-21171", "DEBIANCVE:CVE-2021-21172", "DEBIANCVE:CVE-2021-21173", "DEBIANCVE:CVE-2021-21174", "DEBIANCVE:CVE-2021-21175", "DEBIANCVE:CVE-2021-21176", "DEBIANCVE:CVE-2021-21177", "DEBIANCVE:CVE-2021-21178", "DEBIANCVE:CVE-2021-21179", "DEBIANCVE:CVE-2021-21180", "DEBIANCVE:CVE-2021-21181", "DEBIANCVE:CVE-2021-21182", "DEBIANCVE:CVE-2021-21183", "DEBIANCVE:CVE-2021-21184", "DEBIANCVE:CVE-2021-21185", "DEBIANCVE:CVE-2021-21186", "DEBIANCVE:CVE-2021-21187", "DEBIANCVE:CVE-2021-21188", "DEBIANCVE:CVE-2021-21189", "DEBIANCVE:CVE-2021-2119", "DEBIANCVE:CVE-2021-21191", "DEBIANCVE:CVE-2021-21192", "DEBIANCVE:CVE-2021-21193", "DEBIANCVE:CVE-2021-21194", "DEBIANCVE:CVE-2021-21195", "DEBIANCVE:CVE-2021-21196", "DEBIANCVE:CVE-2021-21197", "DEBIANCVE:CVE-2021-21198", "DEBIANCVE:CVE-2021-21199", "DEBIANCVE:CVE-2021-21201", "DEBIANCVE:CVE-2021-21202", "DEBIANCVE:CVE-2021-21203", "DEBIANCVE:CVE-2021-21204", "DEBIANCVE:CVE-2021-21205", "DEBIANCVE:CVE-2021-21206", "DEBIANCVE:CVE-2021-21207", "DEBIANCVE:CVE-2021-21208", "DEBIANCVE:CVE-2021-21209", "DEBIANCVE:CVE-2021-21210", "DEBIANCVE:CVE-2021-21211", "DEBIANCVE:CVE-2021-21212", "DEBIANCVE:CVE-2021-21213", "DEBIANCVE:CVE-2021-21214", "DEBIANCVE:CVE-2021-21215", "DEBIANCVE:CVE-2021-21216", "DEBIANCVE:CVE-2021-21217", "DEBIANCVE:CVE-2021-21218", "DEBIANCVE:CVE-2021-21219", "DEBIANCVE:CVE-2021-21220", "DEBIANCVE:CVE-2021-21221", "DEBIANCVE:CVE-2021-21222", "DEBIANCVE:CVE-2021-21223", "DEBIANCVE:CVE-2021-21224", "DEBIANCVE:CVE-2021-21225", "DEBIANCVE:CVE-2021-21226", "DEBIANCVE:CVE-2021-21227", "DEBIANCVE:CVE-2021-21228", "DEBIANCVE:CVE-2021-21229", "DEBIANCVE:CVE-2021-21230", "DEBIANCVE:CVE-2021-21231", "DEBIANCVE:CVE-2021-21232", "DEBIANCVE:CVE-2021-21233"]}, {"type": "fedora", "idList": ["FEDORA:4E16930B130B", "FEDORA:807E83072E26", "FEDORA:993DD30E4796", "FEDORA:A017F3074280", "FEDORA:A9575304C34D", "FEDORA:B4C4A30D8539", "FEDORA:BB03930B3A56", "FEDORA:BF4FC30A0346", "FEDORA:C67773052A4D", "FEDORA:D63AA304E89C"]}, {"type": "freebsd", "idList": ["3E01AAD2-680E-11EB-83E2-E09467587C17", "479FDFDA-6659-11EB-83E2-E09467587C17", "48514901-711D-11EB-9846-E09467587C17", "674ED047-BE0A-11EB-B927-3065EC8FD3EC", "7C0D71A9-9D48-11EB-97A0-E09467587C17", "9FBA80E0-A771-11EB-97A0-E09467587C17", "B81AD6D6-8633-11EB-99C5-E09467587C17", "BDDADAA4-9227-11EB-99C5-E09467587C17", "CB13A765-A277-11EB-97A0-E09467587C17", "F00B65D8-7CCB-11EB-B3BE-E09467587C17", "F3D86439-9DEF-11EB-97A0-E09467587C17"]}, {"type": "gentoo", "idList": ["GLSA-202101-15"]}, {"type": "github", "idList": ["GITHUB:D9472F716C46C02F88677DBAD0EEA334"]}, {"type": "githubexploit", "idList": ["5C0B03A9-4E20-51AF-9E85-E96FB8C67569", "6432789A-FC4C-597F-925F-5764319F257F", "CAE25BF5-2DB9-5000-8FF9-CC2EAA626ECE", "FCD264DC-601D-5F11-BFEF-BB041077ABB8"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:3B4F7E79DDCD0AFF3B9BB86429182DCA", "GOOGLEPROJECTZERO:CA925EE6A931620550EF819815B14156"]}, {"type": "kaspersky", "idList": ["KLA12047", "KLA12060", "KLA12062", "KLA12063", "KLA12064", "KLA12089", "KLA12093", "KLA12107", "KLA12115", "KLA12122", "KLA12133", "KLA12134", "KLA12136", "KLA12143", "KLA12144", "KLA12145", "KLA12147", "KLA12153", "KLA12154", "KLA12161", "KLA12179", "KLA12180", "KLA12181", "KLA12182", "KLA12183", "KLA12184"]}, {"type": "krebs", "idList": ["KREBS:1BEFD58F5124A2E4CA40BD9C1B49B9B7"]}, {"type": "mageia", "idList": ["MGASA-2021-0142", "MGASA-2021-0406"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:07CCE98B638067D2F0F9AD53E87E8D55", "MALWAREBYTES:3322D6B92554507E3E44D06E2BA5E174", "MALWAREBYTES:390E663F11CA04293C83488A40CB3A8A", "MALWAREBYTES:6F90B6DD790D455EDED4BE326079DA35", "MALWAREBYTES:AC714CB24C401F36B220E29C6D2B049F"]}, {"type": "mscve", "idList": ["MS:CVE-2021-21142", "MS:CVE-2021-21143", "MS:CVE-2021-21144", "MS:CVE-2021-21145", "MS:CVE-2021-21146", "MS:CVE-2021-21147", "MS:CVE-2021-21148", "MS:CVE-2021-21149", "MS:CVE-2021-21150", "MS:CVE-2021-21151", "MS:CVE-2021-21152", "MS:CVE-2021-21153", "MS:CVE-2021-21154", "MS:CVE-2021-21155", "MS:CVE-2021-21156", "MS:CVE-2021-21157", "MS:CVE-2021-21159", "MS:CVE-2021-21160", "MS:CVE-2021-21161", "MS:CVE-2021-21162", "MS:CVE-2021-21163", "MS:CVE-2021-21165", "MS:CVE-2021-21166", "MS:CVE-2021-21167", "MS:CVE-2021-21168", "MS:CVE-2021-21169", "MS:CVE-2021-21170", "MS:CVE-2021-21171", "MS:CVE-2021-21172", "MS:CVE-2021-21173", "MS:CVE-2021-21174", "MS:CVE-2021-21175", "MS:CVE-2021-21176", "MS:CVE-2021-21177", "MS:CVE-2021-21178", "MS:CVE-2021-21179", "MS:CVE-2021-21180", "MS:CVE-2021-21181", "MS:CVE-2021-21182", "MS:CVE-2021-21183", "MS:CVE-2021-21184", "MS:CVE-2021-21185", "MS:CVE-2021-21186", "MS:CVE-2021-21187", "MS:CVE-2021-21188", "MS:CVE-2021-21189", "MS:CVE-2021-21191", "MS:CVE-2021-21192", "MS:CVE-2021-21193", "MS:CVE-2021-21194", "MS:CVE-2021-21195", "MS:CVE-2021-21196", "MS:CVE-2021-21197", "MS:CVE-2021-21198", "MS:CVE-2021-21199", "MS:CVE-2021-21201", "MS:CVE-2021-21202", "MS:CVE-2021-21203", "MS:CVE-2021-21204", "MS:CVE-2021-21205", "MS:CVE-2021-21206", "MS:CVE-2021-21207", "MS:CVE-2021-21208", "MS:CVE-2021-21209", "MS:CVE-2021-21210", "MS:CVE-2021-21211", "MS:CVE-2021-21212", "MS:CVE-2021-21213", "MS:CVE-2021-21214", "MS:CVE-2021-21215", "MS:CVE-2021-21216", "MS:CVE-2021-21217", "MS:CVE-2021-21218", "MS:CVE-2021-21219", "MS:CVE-2021-21220", "MS:CVE-2021-21221", "MS:CVE-2021-21222", "MS:CVE-2021-21223", "MS:CVE-2021-21224", "MS:CVE-2021-21225", "MS:CVE-2021-21226", "MS:CVE-2021-21227", "MS:CVE-2021-21228", "MS:CVE-2021-21229", "MS:CVE-2021-21230", "MS:CVE-2021-21231", "MS:CVE-2021-21232", "MS:CVE-2021-21233"]}, {"type": "nessus", "idList": ["701298.PASL", "701321.PASL", "701322.PASL", "701323.PASL", "701325.PASL", "701326.PASL", "701327.PASL", "701328.PASL", "701339.PASL", "701341.PASL", "701347.PASL", "DEBIAN_DSA-4846.NASL", "DEBIAN_DSA-4858.NASL", "DEBIAN_DSA-4886.NASL", "DEBIAN_DSA-4906.NASL", "DEBIAN_DSA-4911.NASL", "FEDORA_2021-05AFA65D39.NASL", "FEDORA_2021-141D8640CE.NASL", "FEDORA_2021-4740239E28.NASL", "FEDORA_2021-7FB30B9381.NASL", "FEDORA_2021-AA764A8531.NASL", "FEDORA_2021-C88A96BD4B.NASL", "FREEBSD_PKG_3E01AAD2680E11EB83E2E09467587C17.NASL", "FREEBSD_PKG_479FDFDA665911EB83E2E09467587C17.NASL", "FREEBSD_PKG_48514901711D11EB9846E09467587C17.NASL", "FREEBSD_PKG_674ED047BE0A11EBB9273065EC8FD3EC.NASL", "FREEBSD_PKG_7C0D71A99D4811EB97A0E09467587C17.NASL", "FREEBSD_PKG_9FBA80E0A77111EB97A0E09467587C17.NASL", "FREEBSD_PKG_B81AD6D6863311EB99C5E09467587C17.NASL", "FREEBSD_PKG_BDDADAA4922711EB99C5E09467587C17.NASL", "FREEBSD_PKG_CB13A765A27711EB97A0E09467587C17.NASL", "FREEBSD_PKG_F00B65D87CCB11EBB3BEE09467587C17.NASL", "FREEBSD_PKG_F3D864399DEF11EB97A0E09467587C17.NASL", "GENTOO_GLSA-202101-15.NASL", "GENTOO_GLSA-202104-08.NASL", "GOOGLE_CHROME_88_0_4324_146.NASL", "GOOGLE_CHROME_88_0_4324_150.NASL", "GOOGLE_CHROME_88_0_4324_182.NASL", "GOOGLE_CHROME_89_0_4389_114.NASL", "GOOGLE_CHROME_89_0_4389_128.NASL", "GOOGLE_CHROME_89_0_4389_72.NASL", "GOOGLE_CHROME_89_0_4389_90.NASL", "GOOGLE_CHROME_90_0_4430_72.NASL", "GOOGLE_CHROME_90_0_4430_85.NASL", "GOOGLE_CHROME_90_0_4430_93.NASL", "GOOGLE_CHROME_91_0_4472_77.NASL", "MACOSX_GOOGLE_CHROME_88_0_4324_146.NASL", "MACOSX_GOOGLE_CHROME_88_0_4324_150.NASL", "MACOSX_GOOGLE_CHROME_88_0_4324_182.NASL", "MACOSX_GOOGLE_CHROME_89_0_4389_114.NASL", "MACOSX_GOOGLE_CHROME_89_0_4389_128.NASL", "MACOSX_GOOGLE_CHROME_89_0_4389_72.NASL", "MACOSX_GOOGLE_CHROME_89_0_4389_90.NASL", "MACOSX_GOOGLE_CHROME_90_0_4430_72.NASL", "MACOSX_GOOGLE_CHROME_90_0_4430_85.NASL", "MACOSX_GOOGLE_CHROME_90_0_4430_93.NASL", "MACOSX_GOOGLE_CHROME_91_0_4472_77.NASL", "MICROSOFT_EDGE_CHROMIUM_88_0_705_62.NASL", "MICROSOFT_EDGE_CHROMIUM_88_0_705_63.NASL", "MICROSOFT_EDGE_CHROMIUM_88_0_705_74.NASL", "MICROSOFT_EDGE_CHROMIUM_89_0_774_45.NASL", "MICROSOFT_EDGE_CHROMIUM_89_0_774_54.NASL", "MICROSOFT_EDGE_CHROMIUM_89_0_774_68.NASL", "MICROSOFT_EDGE_CHROMIUM_89_0_774_77.NASL", "MICROSOFT_EDGE_CHROMIUM_90_0_818_39.NASL", "MICROSOFT_EDGE_CHROMIUM_90_0_818_46.NASL", "MICROSOFT_EDGE_CHROMIUM_90_0_818_51.NASL", "OPENSUSE-2021-259.NASL", "OPENSUSE-2021-267.NASL", "OPENSUSE-2021-296.NASL", "OPENSUSE-2021-392.NASL", "OPENSUSE-2021-413.NASL", "OPENSUSE-2021-436.NASL", "OPENSUSE-2021-513.NASL", "OPENSUSE-2021-567.NASL", "OPENSUSE-2021-592.NASL", "OPENSUSE-2021-629.NASL", "OPENSUSE-2021-712.NASL", "OPENSUSE-2021-729.NASL", "OPENSUSE-2021-825.NASL", "SMB_NT_MS21_APR_5001566.NASL", "SMB_NT_MS21_APR_5001631.NASL", "SMB_NT_MS21_APR_5001633.NASL", "SMB_NT_MS21_APR_5001634.NASL", "SMB_NT_MS21_APR_5001638.NASL", "SMB_NT_MS21_APR_5001649.NASL", "VIRTUALBOX_JAN_2021_CPU.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2021"]}, {"type": "osv", "idList": ["OSV:DSA-4846-1", "OSV:DSA-4858-1", "OSV:DSA-4886-1", "OSV:DSA-4906-1", "OSV:DSA-4911-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:162437"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:44EA89871AFF6881B909B9FD0E07034F", "RAPID7BLOG:452CCDC1AEFFF7056148871E86A6FE26", "RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53", "RAPID7BLOG:C2CC0386EE87831FE7800DF7026FCE2D"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-21152", "RH:CVE-2021-21170", "RH:CVE-2021-21173", "RH:CVE-2021-21185", "RH:CVE-2021-21187", "RH:CVE-2021-21197", "RH:CVE-2021-21199", "RH:CVE-2021-21204", "RH:CVE-2021-21209", "RH:CVE-2021-21216", "RH:CVE-2021-21230"]}, {"type": "securelist", "idList": ["SECURELIST:20C7BC6E3C43CD3D939A2E3EAE01D4C1", "SECURELIST:8BBBF7B71E6D52B912070367475B6567", "SECURELIST:8E9198BF0E389572981DD1AA05D0708A", "SECURELIST:BB0230F9CE86B3F1994060AA0A809C08"]}, {"type": "seebug", "idList": ["SSV:99217"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0259-1", "OPENSUSE-SU-2021:0267-1", "OPENSUSE-SU-2021:0268-1", "OPENSUSE-SU-2021:0276-1", "OPENSUSE-SU-2021:0296-1", "OPENSUSE-SU-2021:0392-1", "OPENSUSE-SU-2021:0401-1", "OPENSUSE-SU-2021:0413-1", "OPENSUSE-SU-2021:0436-1", "OPENSUSE-SU-2021:0446-1", "OPENSUSE-SU-2021:0513-1", "OPENSUSE-SU-2021:0515-1", "OPENSUSE-SU-2021:0567-1", "OPENSUSE-SU-2021:0575-1", "OPENSUSE-SU-2021:0592-1", "OPENSUSE-SU-2021:0629-1", "OPENSUSE-SU-2021:0712-1", "OPENSUSE-SU-2021:0729-1", "OPENSUSE-SU-2021:0825-1", "OPENSUSE-SU-2021:0840-1", "OPENSUSE-SU-2021:0973-1", "OPENSUSE-SU-2021:1016-1"]}, {"type": "talos", "idList": ["TALOS-2021-1235"]}, {"type": "thn", "idList": ["THN:15BF409706D7240A5276C705732D745F", "THN:1A836FDDE57334BC4DAFA65E6DFA02E4", "THN:1DDE95EA33D4D9F304973569FC787451", "THN:2E0F12E8B4294632DF7D326E9360976B", "THN:4CC79A3CEFEDEB0DC9CF87C5B9035209", "THN:50D7C51FE6D69FC5DB5B37402AD0E412", "THN:6A9CD6F085628D08978727C0FF597535", "THN:7D7C05739ECD847B8CDEEAF930C51BF8", "THN:B7217784F9D53002315C9C43CCC73766", "THN:BBBFDA7EEE18F813A5DA572FD390D528", "THN:C736174C6B0ADC38AA88BC58F30271DA", "THN:CDCF433A7837180E1F294791C672C5BB", "THN:EF50BA60FF5E3EF9AF1570FF5A2589A0", "THN:F197A729A4F49F957F9D5910875EBAAA", "THN:FF8DAEC0AE0DDAE827D57407C51BE992"]}, {"type": "threatpost", "idList": ["THREATPOST:3697F9293A6DFF6CD5927E9E68FF488A", "THREATPOST:398E85215A3E7B7329EE3FED8F6374FF", "THREATPOST:45B63C766965F5748AEC30DE709C8003", "THREATPOST:54718EAE6A3AD996F13E22A17C765CCC", "THREATPOST:61CC1EAC83030C2B053946454FE77AC3", "THREATPOST:88DD5812D3C8652E304F32507E4F68DD", "THREATPOST:A8D4979B3A84B8E7B98B5321FA948454", "THREATPOST:CF9E25BD324C5940B0795721CA134155", "THREATPOST:EA23582BD77C428ACE9B9DB7D5741EB6", "THREATPOST:F2924795225F38CC02ED6F6A0AA4416D"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-21142", "UB:CVE-2021-21143", "UB:CVE-2021-21144", "UB:CVE-2021-21145", "UB:CVE-2021-21146", "UB:CVE-2021-21147", "UB:CVE-2021-21148", "UB:CVE-2021-21149", "UB:CVE-2021-21150", "UB:CVE-2021-21151", "UB:CVE-2021-21152", "UB:CVE-2021-21153", "UB:CVE-2021-21154", "UB:CVE-2021-21155", "UB:CVE-2021-21156", "UB:CVE-2021-21157", "UB:CVE-2021-21159", "UB:CVE-2021-21160", "UB:CVE-2021-21161", "UB:CVE-2021-21162", "UB:CVE-2021-21163", "UB:CVE-2021-21165", "UB:CVE-2021-21166", "UB:CVE-2021-21167", "UB:CVE-2021-21168", "UB:CVE-2021-21169", "UB:CVE-2021-21170", "UB:CVE-2021-21171", "UB:CVE-2021-21172", "UB:CVE-2021-21173", "UB:CVE-2021-21174", "UB:CVE-2021-21175", "UB:CVE-2021-21176", "UB:CVE-2021-21177", "UB:CVE-2021-21178", "UB:CVE-2021-21179", "UB:CVE-2021-21180", "UB:CVE-2021-21181", "UB:CVE-2021-21182", "UB:CVE-2021-21183", "UB:CVE-2021-21184", "UB:CVE-2021-21185", "UB:CVE-2021-21186", "UB:CVE-2021-21187", "UB:CVE-2021-21188", "UB:CVE-2021-21189", "UB:CVE-2021-2119", "UB:CVE-2021-21191", "UB:CVE-2021-21192", "UB:CVE-2021-21193", "UB:CVE-2021-21194", "UB:CVE-2021-21195", "UB:CVE-2021-21196", "UB:CVE-2021-21197", "UB:CVE-2021-21198", "UB:CVE-2021-21199", "UB:CVE-2021-21201", "UB:CVE-2021-21202", "UB:CVE-2021-21203", "UB:CVE-2021-21204", "UB:CVE-2021-21205", "UB:CVE-2021-21206", "UB:CVE-2021-21207", "UB:CVE-2021-21208", "UB:CVE-2021-21209", "UB:CVE-2021-21210", "UB:CVE-2021-21211", "UB:CVE-2021-21212", "UB:CVE-2021-21213", "UB:CVE-2021-21214", "UB:CVE-2021-21215", "UB:CVE-2021-21216", "UB:CVE-2021-21217", "UB:CVE-2021-21218", "UB:CVE-2021-21219", "UB:CVE-2021-21220", "UB:CVE-2021-21221", "UB:CVE-2021-21222", "UB:CVE-2021-21223", "UB:CVE-2021-21224", "UB:CVE-2021-21225", "UB:CVE-2021-21226", "UB:CVE-2021-21227", "UB:CVE-2021-21228", "UB:CVE-2021-21229", "UB:CVE-2021-21230", "UB:CVE-2021-21231", "UB:CVE-2021-21232", "UB:CVE-2021-21233"]}, {"type": "veracode", "idList": ["VERACODE:29056", "VERACODE:29262", "VERACODE:29263", "VERACODE:29264", "VERACODE:29265", "VERACODE:29266", "VERACODE:29267", "VERACODE:29323", "VERACODE:29426", "VERACODE:29427", "VERACODE:29428", "VERACODE:29429", "VERACODE:29430", "VERACODE:29431", "VERACODE:29432", "VERACODE:29433", "VERACODE:29434", "VERACODE:29609", "VERACODE:29610", "VERACODE:29611", "VERACODE:29612", "VERACODE:29613", "VERACODE:29614", "VERACODE:29615", "VERACODE:29616", "VERACODE:29617", "VERACODE:29618", "VERACODE:29619", "VERACODE:29620", "VERACODE:29621", "VERACODE:29622", "VERACODE:29623", "VERACODE:29624", "VERACODE:29625", "VERACODE:29626", "VERACODE:29627", "VERACODE:29628", "VERACODE:29629", "VERACODE:29630", "VERACODE:29631", "VERACODE:29632", "VERACODE:29633", "VERACODE:29634", "VERACODE:29635", "VERACODE:29636", "VERACODE:29637", "VERACODE:29638", "VERACODE:29724", "VERACODE:29725", "VERACODE:29726", "VERACODE:29910", "VERACODE:29911", "VERACODE:29912", "VERACODE:29913", "VERACODE:29914", "VERACODE:29915", "VERACODE:30065", "VERACODE:30066", "VERACODE:30067", "VERACODE:30068", "VERACODE:30069", "VERACODE:30070", "VERACODE:30071", "VERACODE:30072", "VERACODE:30073", "VERACODE:30074", "VERACODE:30075", "VERACODE:30076", "VERACODE:30077", "VERACODE:30078", "VERACODE:30079", "VERACODE:30080", "VERACODE:30081", "VERACODE:30082", "VERACODE:30083", "VERACODE:30084", "VERACODE:30085", "VERACODE:30143", "VERACODE:30144", "VERACODE:30145", "VERACODE:30146", "VERACODE:30147", "VERACODE:30306", "VERACODE:30307", "VERACODE:30308", "VERACODE:30309", "VERACODE:30310", "VERACODE:30311", "VERACODE:30312"]}, {"type": "zdi", "idList": ["ZDI-21-411"]}, {"type": "zdt", "idList": ["1337DAY-ID-36202"]}]}, "score": {"value": 2.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "archlinux", "idList": ["ASA-202101-37", "ASA-202102-4", "ASA-202102-6", "ASA-202103-19", "ASA-202104-2", "ASA-202104-5", "ASA-202104-7"]}, {"type": "attackerkb", "idList": ["AKB:160D34D9-2175-4B27-87F8-0CED51121F50", "AKB:21C170FF-C7C6-4BFB-8AED-613970EDA44C", "AKB:B61D2687-96CE-4CE9-939F-9E35DA7814C4"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0276", "CPAI-2021-0310", "CPAI-2021-0482", "CPAI-2021-0529"]}, {"type": "chrome", "idList": ["GCSA-1247606144415232205", "GCSA-273411975827701477", "GCSA-2763659147289736801", "GCSA-3185915322248637110", "GCSA-3736590772439839598", "GCSA-3803715665928870837", "GCSA-459312130044903550", "GCSA-5280375550425303743", "GCSA-569693837847055670"]}, {"type": "cve", "idList": ["CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21148", "CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157", "CVE-2021-2119", "CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199", "CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21206", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21220", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226", "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4846-1:CCE83", "DEBIAN:DSA-4858-1:7131E", "DEBIAN:DSA-4886-1:0EF07", "DEBIAN:DSA-4906-1:4BE22", "DEBIAN:DSA-4911-1:18E30"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-21142", "DEBIANCVE:CVE-2021-21143", "DEBIANCVE:CVE-2021-21144", "DEBIANCVE:CVE-2021-21145", "DEBIANCVE:CVE-2021-21146", "DEBIANCVE:CVE-2021-21147", "DEBIANCVE:CVE-2021-21148", "DEBIANCVE:CVE-2021-21149", "DEBIANCVE:CVE-2021-21150", "DEBIANCVE:CVE-2021-21151", "DEBIANCVE:CVE-2021-21152", "DEBIANCVE:CVE-2021-21153", "DEBIANCVE:CVE-2021-21154", "DEBIANCVE:CVE-2021-21155", "DEBIANCVE:CVE-2021-21156", "DEBIANCVE:CVE-2021-21157", "DEBIANCVE:CVE-2021-21159", "DEBIANCVE:CVE-2021-21160", "DEBIANCVE:CVE-2021-21161", "DEBIANCVE:CVE-2021-21162", "DEBIANCVE:CVE-2021-21163", "DEBIANCVE:CVE-2021-21165", "DEBIANCVE:CVE-2021-21166", "DEBIANCVE:CVE-2021-21167", "DEBIANCVE:CVE-2021-21168", "DEBIANCVE:CVE-2021-21169", "DEBIANCVE:CVE-2021-21170", "DEBIANCVE:CVE-2021-21171", "DEBIANCVE:CVE-2021-21172", "DEBIANCVE:CVE-2021-21173", "DEBIANCVE:CVE-2021-21174", "DEBIANCVE:CVE-2021-21175", "DEBIANCVE:CVE-2021-21176", "DEBIANCVE:CVE-2021-21177", "DEBIANCVE:CVE-2021-21178", "DEBIANCVE:CVE-2021-21179", "DEBIANCVE:CVE-2021-21180", "DEBIANCVE:CVE-2021-21181", "DEBIANCVE:CVE-2021-21182", "DEBIANCVE:CVE-2021-21183", "DEBIANCVE:CVE-2021-21184", "DEBIANCVE:CVE-2021-21185", "DEBIANCVE:CVE-2021-21186", "DEBIANCVE:CVE-2021-21187", "DEBIANCVE:CVE-2021-21188", "DEBIANCVE:CVE-2021-21189", "DEBIANCVE:CVE-2021-21191", "DEBIANCVE:CVE-2021-21192", "DEBIANCVE:CVE-2021-21193", "DEBIANCVE:CVE-2021-21194", "DEBIANCVE:CVE-2021-21195", "DEBIANCVE:CVE-2021-21196", "DEBIANCVE:CVE-2021-21197", "DEBIANCVE:CVE-2021-21198", "DEBIANCVE:CVE-2021-21199", "DEBIANCVE:CVE-2021-21201", "DEBIANCVE:CVE-2021-21202", "DEBIANCVE:CVE-2021-21203", "DEBIANCVE:CVE-2021-21204", "DEBIANCVE:CVE-2021-21205", "DEBIANCVE:CVE-2021-21206", "DEBIANCVE:CVE-2021-21207", "DEBIANCVE:CVE-2021-21208", "DEBIANCVE:CVE-2021-21209", "DEBIANCVE:CVE-2021-21210", "DEBIANCVE:CVE-2021-21211", "DEBIANCVE:CVE-2021-21212", "DEBIANCVE:CVE-2021-21213", "DEBIANCVE:CVE-2021-21214", "DEBIANCVE:CVE-2021-21215", "DEBIANCVE:CVE-2021-21216", "DEBIANCVE:CVE-2021-21217", "DEBIANCVE:CVE-2021-21218", "DEBIANCVE:CVE-2021-21219", "DEBIANCVE:CVE-2021-21220", "DEBIANCVE:CVE-2021-21221", "DEBIANCVE:CVE-2021-21222", "DEBIANCVE:CVE-2021-21223", "DEBIANCVE:CVE-2021-21224", "DEBIANCVE:CVE-2021-21225", "DEBIANCVE:CVE-2021-21226", "DEBIANCVE:CVE-2021-21227", "DEBIANCVE:CVE-2021-21228", "DEBIANCVE:CVE-2021-21229", "DEBIANCVE:CVE-2021-21230", "DEBIANCVE:CVE-2021-21231", "DEBIANCVE:CVE-2021-21232", "DEBIANCVE:CVE-2021-21233"]}, {"type": "fedora", "idList": ["FEDORA:4E16930B130B", "FEDORA:807E83072E26", "FEDORA:A9575304C34D", "FEDORA:BB03930B3A56", "FEDORA:BF4FC30A0346", "FEDORA:C67773052A4D"]}, {"type": "freebsd", "idList": ["3E01AAD2-680E-11EB-83E2-E09467587C17", "48514901-711D-11EB-9846-E09467587C17", "674ED047-BE0A-11EB-B927-3065EC8FD3EC", "7C0D71A9-9D48-11EB-97A0-E09467587C17", "9FBA80E0-A771-11EB-97A0-E09467587C17", "BDDADAA4-9227-11EB-99C5-E09467587C17", "CB13A765-A277-11EB-97A0-E09467587C17", "F00B65D8-7CCB-11EB-B3BE-E09467587C17", "F3D86439-9DEF-11EB-97A0-E09467587C17"]}, {"type": "gentoo", "idList": ["GLSA-202101-15"]}, {"type": "githubexploit", "idList": ["0B591109-1FC7-5B04-98E2-B772FC6B5386", "5C0B03A9-4E20-51AF-9E85-E96FB8C67569", "CAE25BF5-2DB9-5000-8FF9-CC2EAA626ECE", "FCD264DC-601D-5F11-BFEF-BB041077ABB8"]}, {"type": "kaspersky", "idList": ["KLA12047", "KLA12060", "KLA12062", "KLA12063", "KLA12064", "KLA12089", "KLA12093", "KLA12106", "KLA12107", "KLA12115", "KLA12122", "KLA12133", "KLA12134", "KLA12136", "KLA12143", "KLA12144", "KLA12145", "KLA12147", "KLA12153", "KLA12154", "KLA12161", "KLA12179", "KLA12180", "KLA12181", "KLA12182", "KLA12183", "KLA12184"]}, {"type": "krebs", "idList": ["KREBS:1BEFD58F5124A2E4CA40BD9C1B49B9B7"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:07CCE98B638067D2F0F9AD53E87E8D55", "MALWAREBYTES:6F90B6DD790D455EDED4BE326079DA35", "MALWAREBYTES:AC714CB24C401F36B220E29C6D2B049F"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/DEBIAN-CVE-2021-21149/", "MSF:ILITIES/DEBIAN-CVE-2021-21169/", "MSF:ILITIES/DEBIAN-CVE-2021-21172/", "MSF:ILITIES/DEBIAN-CVE-2021-21180/", "MSF:ILITIES/DEBIAN-CVE-2021-21199/", "MSF:ILITIES/FREEBSD-CVE-2021-21153/", "MSF:ILITIES/FREEBSD-CVE-2021-21156/", "MSF:ILITIES/FREEBSD-CVE-2021-21157/", "MSF:ILITIES/FREEBSD-CVE-2021-21159/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-21149/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-21160/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-21169/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-21172/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-21173/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-21175/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-21176/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-21178/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-21179/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-21180/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-21181/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-21182/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-21184/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-21185/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-21187/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-21189/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-21227/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-21230/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-21232/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21149/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21160/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21161/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21162/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21165/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21166/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21167/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21172/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21173/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21175/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21177/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21178/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21179/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21180/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21185/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21186/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21187/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21188/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21206/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21217/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21227/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21228/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21229/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-21230/", "MSF:ILITIES/MSFT-CVE-2021-26866/", "MSF:ILITIES/SUSE-CVE-2021-21161/", "MSF:ILITIES/SUSE-CVE-2021-21162/", "MSF:ILITIES/SUSE-CVE-2021-21163/", "MSF:ILITIES/SUSE-CVE-2021-21165/", "MSF:ILITIES/SUSE-CVE-2021-21166/", "MSF:ILITIES/SUSE-CVE-2021-21167/", "MSF:ILITIES/SUSE-CVE-2021-21168/", "MSF:ILITIES/SUSE-CVE-2021-21171/", "MSF:ILITIES/SUSE-CVE-2021-21173/", "MSF:ILITIES/SUSE-CVE-2021-21174/", "MSF:ILITIES/SUSE-CVE-2021-21175/", "MSF:ILITIES/SUSE-CVE-2021-21176/", "MSF:ILITIES/SUSE-CVE-2021-21177/", "MSF:ILITIES/SUSE-CVE-2021-21178/", "MSF:ILITIES/SUSE-CVE-2021-21180/", "MSF:ILITIES/SUSE-CVE-2021-21181/", "MSF:ILITIES/SUSE-CVE-2021-21184/", "MSF:ILITIES/SUSE-CVE-2021-21187/", "MSF:ILITIES/SUSE-CVE-2021-21194/", "MSF:ILITIES/SUSE-CVE-2021-21196/", "MSF:ILITIES/SUSE-CVE-2021-21197/", "MSF:ILITIES/SUSE-CVE-2021-21199/", "MSF:ILITIES/SUSE-CVE-2021-21227/", "MSF:ILITIES/SUSE-CVE-2021-21228/", "MSF:ILITIES/SUSE-CVE-2021-21229/", "MSF:ILITIES/SUSE-CVE-2021-21230/", "MSF:ILITIES/SUSE-CVE-2021-21231/", "MSF:ILITIES/SUSE-CVE-2021-21232/"]}, {"type": "mscve", "idList": ["MS:CVE-2021-21142", "MS:CVE-2021-21143", "MS:CVE-2021-21144", "MS:CVE-2021-21145", "MS:CVE-2021-21146", "MS:CVE-2021-21147", "MS:CVE-2021-21148", "MS:CVE-2021-21149", "MS:CVE-2021-21150", "MS:CVE-2021-21151", "MS:CVE-2021-21152", "MS:CVE-2021-21153", "MS:CVE-2021-21154", "MS:CVE-2021-21155", "MS:CVE-2021-21156", "MS:CVE-2021-21157", "MS:CVE-2021-21194", "MS:CVE-2021-21195", "MS:CVE-2021-21196", "MS:CVE-2021-21197", "MS:CVE-2021-21198", "MS:CVE-2021-21199", "MS:CVE-2021-21201", "MS:CVE-2021-21202", "MS:CVE-2021-21203", "MS:CVE-2021-21204", "MS:CVE-2021-21205", "MS:CVE-2021-21206", "MS:CVE-2021-21207", "MS:CVE-2021-21208", "MS:CVE-2021-21209", "MS:CVE-2021-21210", "MS:CVE-2021-21211", "MS:CVE-2021-21212", "MS:CVE-2021-21213", "MS:CVE-2021-21214", "MS:CVE-2021-21215", "MS:CVE-2021-21216", "MS:CVE-2021-21217", "MS:CVE-2021-21218", "MS:CVE-2021-21219", "MS:CVE-2021-21220", "MS:CVE-2021-21221", "MS:CVE-2021-21222", "MS:CVE-2021-21223", "MS:CVE-2021-21224", "MS:CVE-2021-21225", "MS:CVE-2021-21226", "MS:CVE-2021-21227", "MS:CVE-2021-21228", "MS:CVE-2021-21229", "MS:CVE-2021-21230", "MS:CVE-2021-21231", "MS:CVE-2021-21232", "MS:CVE-2021-21233"]}, {"type": "nessus", "idList": ["701298.PASL", "701321.PASL", "701322.PASL", "701323.PASL", "701325.PASL", "701326.PASL", "701327.PASL", "701328.PASL", "701339.PASL", "701341.PASL", "DEBIAN_DSA-4846.NASL", "DEBIAN_DSA-4858.NASL", "DEBIAN_DSA-4886.NASL", "DEBIAN_DSA-4906.NASL", "DEBIAN_DSA-4911.NASL", "FEDORA_2021-05AFA65D39.NASL", "FEDORA_2021-141D8640CE.NASL", "FEDORA_2021-4740239E28.NASL", "FEDORA_2021-7FB30B9381.NASL", "FEDORA_2021-AA764A8531.NASL", "FREEBSD_PKG_3E01AAD2680E11EB83E2E09467587C17.NASL", "FREEBSD_PKG_48514901711D11EB9846E09467587C17.NASL", "FREEBSD_PKG_674ED047BE0A11EBB9273065EC8FD3EC.NASL", "FREEBSD_PKG_7C0D71A99D4811EB97A0E09467587C17.NASL", "FREEBSD_PKG_9FBA80E0A77111EB97A0E09467587C17.NASL", "FREEBSD_PKG_BDDADAA4922711EB99C5E09467587C17.NASL", "FREEBSD_PKG_CB13A765A27711EB97A0E09467587C17.NASL", "FREEBSD_PKG_F3D864399DEF11EB97A0E09467587C17.NASL", "GENTOO_GLSA-202101-15.NASL", "GENTOO_GLSA-202104-08.NASL", "GOOGLE_CHROME_88_0_4324_146.NASL", "GOOGLE_CHROME_88_0_4324_150.NASL", "GOOGLE_CHROME_88_0_4324_182.NASL", "GOOGLE_CHROME_89_0_4389_114.NASL", "GOOGLE_CHROME_89_0_4389_128.NASL", "GOOGLE_CHROME_89_0_4389_72.NASL", "GOOGLE_CHROME_90_0_4430_72.NASL", "GOOGLE_CHROME_90_0_4430_85.NASL", "GOOGLE_CHROME_90_0_4430_93.NASL", "GOOGLE_CHROME_91_0_4472_77.NASL", "MACOSX_GOOGLE_CHROME_88_0_4324_146.NASL", "MACOSX_GOOGLE_CHROME_88_0_4324_150.NASL", "MACOSX_GOOGLE_CHROME_88_0_4324_182.NASL", "MACOSX_GOOGLE_CHROME_89_0_4389_114.NASL", "MACOSX_GOOGLE_CHROME_89_0_4389_128.NASL", "MACOSX_GOOGLE_CHROME_89_0_4389_72.NASL", "MACOSX_GOOGLE_CHROME_90_0_4430_72.NASL", "MACOSX_GOOGLE_CHROME_90_0_4430_85.NASL", "MACOSX_GOOGLE_CHROME_90_0_4430_93.NASL", "MACOSX_GOOGLE_CHROME_91_0_4472_77.NASL", "MICROSOFT_EDGE_CHROMIUM_88_0_705_62.NASL", "MICROSOFT_EDGE_CHROMIUM_88_0_705_63.NASL", "MICROSOFT_EDGE_CHROMIUM_88_0_705_74.NASL", "MICROSOFT_EDGE_CHROMIUM_89_0_774_68.NASL", "MICROSOFT_EDGE_CHROMIUM_89_0_774_77.NASL", "MICROSOFT_EDGE_CHROMIUM_90_0_818_39.NASL", "MICROSOFT_EDGE_CHROMIUM_90_0_818_46.NASL", "MICROSOFT_EDGE_CHROMIUM_90_0_818_51.NASL", "OPENSUSE-2021-259.NASL", "OPENSUSE-2021-267.NASL", "OPENSUSE-2021-296.NASL", "OPENSUSE-2021-413.NASL", "OPENSUSE-2021-513.NASL", "OPENSUSE-2021-567.NASL", "OPENSUSE-2021-592.NASL", "OPENSUSE-2021-629.NASL", "OPENSUSE-2021-712.NASL", "OPENSUSE-2021-729.NASL", "OPENSUSE-2021-825.NASL", "VIRTUALBOX_JAN_2021_CPU.NASL"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:162437"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:44EA89871AFF6881B909B9FD0E07034F", "RAPID7BLOG:452CCDC1AEFFF7056148871E86A6FE26"]}, {"type": "securelist", "idList": ["SECURELIST:8E9198BF0E389572981DD1AA05D0708A"]}, {"type": "seebug", "idList": ["SSV:99217"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0259-1", "OPENSUSE-SU-2021:0267-1", "OPENSUSE-SU-2021:0268-1", "OPENSUSE-SU-2021:0276-1", "OPENSUSE-SU-2021:0296-1", "OPENSUSE-SU-2021:0392-1", "OPENSUSE-SU-2021:0401-1", "OPENSUSE-SU-2021:0413-1", "OPENSUSE-SU-2021:0436-1", "OPENSUSE-SU-2021:0446-1", "OPENSUSE-SU-2021:0513-1", "OPENSUSE-SU-2021:0515-1", "OPENSUSE-SU-2021:0567-1", "OPENSUSE-SU-2021:0575-1", "OPENSUSE-SU-2021:0592-1", "OPENSUSE-SU-2021:0629-1", "OPENSUSE-SU-2021:0712-1", "OPENSUSE-SU-2021:0729-1", "OPENSUSE-SU-2021:0825-1", "OPENSUSE-SU-2021:0840-1", "OPENSUSE-SU-2021:0973-1", "OPENSUSE-SU-2021:1016-1"]}, {"type": "talos", "idList": ["TALOS-2021-1235"]}, {"type": "thn", "idList": ["THN:1DDE95EA33D4D9F304973569FC787451", "THN:2E0F12E8B4294632DF7D326E9360976B", "THN:4CC79A3CEFEDEB0DC9CF87C5B9035209", "THN:7D7C05739ECD847B8CDEEAF930C51BF8", "THN:BBBFDA7EEE18F813A5DA572FD390D528", "THN:C736174C6B0ADC38AA88BC58F30271DA", "THN:CDCF433A7837180E1F294791C672C5BB", "THN:EF50BA60FF5E3EF9AF1570FF5A2589A0", "THN:F197A729A4F49F957F9D5910875EBAAA", "THN:FF8DAEC0AE0DDAE827D57407C51BE992"]}, {"type": "threatpost", "idList": ["THREATPOST:398E85215A3E7B7329EE3FED8F6374FF", "THREATPOST:54718EAE6A3AD996F13E22A17C765CCC", "THREATPOST:61CC1EAC83030C2B053946454FE77AC3", "THREATPOST:A8D4979B3A84B8E7B98B5321FA948454", "THREATPOST:CF9E25BD324C5940B0795721CA134155", "THREATPOST:EA23582BD77C428ACE9B9DB7D5741EB6"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-21185", "UB:CVE-2021-21186", "UB:CVE-2021-21188", "UB:CVE-2021-21194", "UB:CVE-2021-21195", "UB:CVE-2021-21196", "UB:CVE-2021-21197", "UB:CVE-2021-21198", "UB:CVE-2021-21199", "UB:CVE-2021-21201", "UB:CVE-2021-21202", "UB:CVE-2021-21203", "UB:CVE-2021-21204", "UB:CVE-2021-21206", "UB:CVE-2021-21207", "UB:CVE-2021-21208", "UB:CVE-2021-21209", "UB:CVE-2021-21210", "UB:CVE-2021-21211", "UB:CVE-2021-21212", "UB:CVE-2021-21213", "UB:CVE-2021-21214", "UB:CVE-2021-21215", "UB:CVE-2021-21216", "UB:CVE-2021-21217", "UB:CVE-2021-21218", "UB:CVE-2021-21219", "UB:CVE-2021-21220", "UB:CVE-2021-21221", "UB:CVE-2021-21222", "UB:CVE-2021-21223", "UB:CVE-2021-21224", "UB:CVE-2021-21225", "UB:CVE-2021-21226", "UB:CVE-2021-21227", "UB:CVE-2021-21228", "UB:CVE-2021-21229", "UB:CVE-2021-21230", "UB:CVE-2021-21231", "UB:CVE-2021-21232", "UB:CVE-2021-21233"]}, {"type": "zdi", "idList": ["ZDI-21-411"]}, {"type": "zdt", "idList": ["1337DAY-ID-36202"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2021-21142", "epss": "0.002070000", "percentile": "0.569280000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21143", "epss": "0.001680000", "percentile": "0.519310000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21144", "epss": "0.001680000", "percentile": "0.519310000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21145", "epss": "0.003200000", "percentile": "0.659100000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21146", "epss": "0.002070000", "percentile": "0.569280000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21147", "epss": "0.000730000", "percentile": "0.297200000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21148", "epss": "0.013990000", "percentile": "0.843720000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21149", "epss": "0.003030000", "percentile": "0.649360000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21150", "epss": "0.002510000", "percentile": "0.612460000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21151", "epss": "0.002510000", "percentile": "0.612460000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21152", "epss": "0.003030000", "percentile": "0.649360000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21153", "epss": "0.003030000", "percentile": "0.649360000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21154", "epss": "0.002650000", "percentile": "0.623770000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21155", "epss": "0.002650000", "percentile": "0.623770000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21156", "epss": "0.014950000", "percentile": "0.848350000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21157", "epss": "0.001920000", "percentile": "0.550810000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21159", "epss": "0.004870000", "percentile": "0.723100000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21160", "epss": "0.004350000", "percentile": "0.706750000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21161", "epss": "0.004870000", "percentile": "0.723100000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21162", "epss": "0.003250000", "percentile": "0.661370000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21163", "epss": "0.010680000", "percentile": "0.819540000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21165", "epss": "0.004610000", "percentile": "0.715110000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21166", "epss": "0.026870000", "percentile": "0.887900000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21167", "epss": "0.003250000", "percentile": "0.661370000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21168", "epss": "0.024070000", "percentile": "0.882180000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21169", "epss": "0.004610000", "percentile": "0.715110000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21170", "epss": "0.001890000", "percentile": "0.546890000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21171", "epss": "0.003800000", "percentile": "0.687090000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21172", "epss": "0.003820000", "percentile": "0.687850000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21173", "epss": "0.022300000", "percentile": "0.877640000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21174", "epss": "0.003090000", "percentile": "0.652900000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21175", "epss": "0.007200000", "percentile": "0.775910000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21176", "epss": "0.003800000", "percentile": "0.687090000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21177", "epss": "0.727360000", "percentile": "0.974940000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21178", "epss": "0.005690000", "percentile": "0.744400000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21179", "epss": "0.003250000", "percentile": "0.661370000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21180", "epss": "0.003250000", "percentile": "0.661370000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21181", "epss": "0.019870000", "percentile": "0.869960000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21182", "epss": "0.008320000", "percentile": "0.794210000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21183", "epss": "0.003920000", "percentile": "0.691800000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21184", "epss": "0.003920000", "percentile": "0.691800000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21185", "epss": "0.001320000", "percentile": "0.466100000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21186", "epss": "0.003840000", "percentile": "0.688790000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21187", "epss": "0.001370000", "percentile": "0.475040000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21188", "epss": "0.003250000", "percentile": "0.661370000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21189", "epss": "0.007920000", "percentile": "0.789160000", "modified": "2023-03-17"}, {"cve": "CVE-2021-2119", "epss": "0.000480000", "percentile": "0.145370000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21191", "epss": "0.004190000", "percentile": "0.701620000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21192", "epss": "0.001970000", "percentile": "0.558590000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21193", "epss": "0.004650000", "percentile": "0.716000000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21194", "epss": "0.004770000", "percentile": "0.720210000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21195", "epss": "0.004770000", "percentile": "0.720210000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21196", "epss": "0.004650000", "percentile": "0.716180000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21197", "epss": "0.004650000", "percentile": "0.716180000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21198", "epss": "0.005050000", "percentile": "0.728170000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21199", "epss": "0.004770000", "percentile": "0.720210000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21201", "epss": "0.002810000", "percentile": "0.635660000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21202", "epss": "0.000750000", "percentile": "0.304640000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21203", "epss": "0.003970000", "percentile": "0.693550000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21204", "epss": "0.003970000", "percentile": "0.693550000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21205", "epss": "0.002990000", "percentile": "0.646950000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21206", "epss": "0.007990000", "percentile": "0.789930000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21207", "epss": "0.000750000", "percentile": "0.304640000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21208", "epss": "0.001780000", "percentile": "0.532310000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21209", "epss": "0.002120000", "percentile": "0.573310000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21210", "epss": "0.002870000", "percentile": "0.639200000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21211", "epss": "0.002120000", "percentile": "0.573310000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21212", "epss": "0.002720000", "percentile": "0.628560000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21213", "epss": "0.002520000", "percentile": "0.613580000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21214", "epss": "0.002810000", "percentile": "0.635610000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21215", "epss": "0.027920000", "percentile": "0.890040000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21216", "epss": "0.707320000", "percentile": "0.974320000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21217", "epss": "0.004260000", "percentile": "0.703800000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21218", "epss": "0.001080000", "percentile": "0.420470000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21219", "epss": "0.001080000", "percentile": "0.420470000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21220", "epss": "0.974070000", "percentile": "0.998440000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21221", "epss": "0.004060000", "percentile": "0.697040000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21222", "epss": "0.003280000", "percentile": "0.663000000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21223", "epss": "0.005430000", "percentile": "0.738400000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21224", "epss": "0.969350000", "percentile": "0.994990000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21225", "epss": "0.002960000", "percentile": "0.645390000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21226", "epss": "0.003830000", "percentile": "0.688130000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21227", "epss": "0.005650000", "percentile": "0.743690000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21228", "epss": "0.001990000", "percentile": "0.560330000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21229", "epss": "0.002500000", "percentile": "0.611140000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21230", "epss": "0.004750000", "percentile": "0.719570000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21231", "epss": "0.004770000", "percentile": "0.720060000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21232", "epss": "0.003350000", "percentile": "0.666780000", "modified": "2023-03-17"}, {"cve": "CVE-2021-21233", "epss": "0.004420000", "percentile": "0.708780000", "modified": "2023-03-17"}], "vulnersScore": 2.0}, "_state": {"dependencies": 1678904750, "score": 1678906078, "epss": 1679070268}, "_internal": {"score_hash": "a9bfe180636a025fdbbee328c98bdbca"}, "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "arch": "all", "packageFilename": "UNKNOWN", "packageVersion": "90.0.4430.93", "operator": "lt", "packageName": "www-client/chromium"}, {"OS": "Gentoo", "OSVersion": "any", "arch": "all", "packageFilename": "UNKNOWN", "packageVersion": "90.0.4430.93", "operator": "lt", "packageName": "www-client/google-chrome"}]}

{"nessus": [{"lastseen": "2023-01-11T14:49:22", "description": "The remote host is affected by the vulnerability described in GLSA-202104-08 (Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-05-03T00:00:00", "type": "nessus", "title": "GLSA-202104-08 : Chromium, Google Chrome: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21148", "CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157", "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-2119", "CVE-2021-21191", "CVE-2021-21192", "CVE-2021-21193", "CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199", "CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21206", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21220", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226", "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2022-12-07T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "p-cpe:/a:gentoo:linux:google-chrome", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202104-08.NASL", "href": "https://www.tenable.com/plugins/nessus/149223", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202104-08.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149223);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/07\");\n\n script_cve_id(\"CVE-2021-21142\", \"CVE-2021-21143\", \"CVE-2021-21144\", \"CVE-2021-21145\", \"CVE-2021-21146\", \"CVE-2021-21147\", \"CVE-2021-21148\", \"CVE-2021-21149\", \"CVE-2021-21150\", \"CVE-2021-21151\", \"CVE-2021-21152\", \"CVE-2021-21153\", \"CVE-2021-21154\", \"CVE-2021-21155\", \"CVE-2021-21156\", \"CVE-2021-21157\", \"CVE-2021-21159\", \"CVE-2021-21160\", \"CVE-2021-21161\", \"CVE-2021-21162\", \"CVE-2021-21163\", \"CVE-2021-21165\", \"CVE-2021-21166\", \"CVE-2021-21167\", \"CVE-2021-21168\", \"CVE-2021-21169\", \"CVE-2021-21170\", \"CVE-2021-21171\", \"CVE-2021-21172\", \"CVE-2021-21173\", \"CVE-2021-21174\", \"CVE-2021-21175\", \"CVE-2021-21176\", \"CVE-2021-21177\", \"CVE-2021-21178\", \"CVE-2021-21179\", \"CVE-2021-21180\", \"CVE-2021-21181\", \"CVE-2021-21182\", \"CVE-2021-21183\", \"CVE-2021-21184\", \"CVE-2021-21185\", \"CVE-2021-21186\", \"CVE-2021-21187\", \"CVE-2021-21188\", \"CVE-2021-21189\", \"CVE-2021-2119\", \"CVE-2021-21191\", \"CVE-2021-21192\", \"CVE-2021-21193\", \"CVE-2021-21194\", \"CVE-2021-21195\", \"CVE-2021-21196\", \"CVE-2021-21197\", \"CVE-2021-21198\", \"CVE-2021-21199\", \"CVE-2021-21201\", \"CVE-2021-21202\", \"CVE-2021-21203\", \"CVE-2021-21204\", \"CVE-2021-21205\", \"CVE-2021-21206\", \"CVE-2021-21207\", \"CVE-2021-21208\", \"CVE-2021-21209\", \"CVE-2021-21210\", \"CVE-2021-21211\", \"CVE-2021-21212\", \"CVE-2021-21213\", \"CVE-2021-21214\", \"CVE-2021-21215\", \"CVE-2021-21216\", \"CVE-2021-21217\", \"CVE-2021-21218\", \"CVE-2021-21219\", \"CVE-2021-21220\", \"CVE-2021-21221\", \"CVE-2021-21222\", \"CVE-2021-21223\", \"CVE-2021-21224\", \"CVE-2021-21225\", \"CVE-2021-21226\", \"CVE-2021-21227\", \"CVE-2021-21228\", \"CVE-2021-21229\", \"CVE-2021-21230\", \"CVE-2021-21231\", \"CVE-2021-21232\", \"CVE-2021-21233\");\n script_xref(name:\"GLSA\", value:\"202104-08\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0007\");\n\n script_name(english:\"GLSA-202104-08 : Chromium, Google Chrome: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202104-08\n(Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google\n Chrome. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202104-08\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-90.0.4430.93'\n All Google Chrome users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/google-chrome-90.0.4430.93'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21233\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 90.0.4430.93\"), vulnerable:make_list(\"lt 90.0.4430.93\"))) flag++;\nif (qpkg_check(package:\"www-client/google-chrome\", unaffected:make_list(\"ge 90.0.4430.93\"), vulnerable:make_list(\"lt 90.0.4430.93\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / Google Chrome\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:48:38", "description": "This update for chromium fixes the following issues :\n\n - Chromium was updated to 90.0.4430.93 (boo#1184764,boo#1185047,boo#1185398)\n\n - CVE-2021-21227: Insufficient data validation in V8. \n\n - CVE-2021-21232: Use after free in Dev Tools. \n\n - CVE-2021-21233: Heap buffer overflow in ANGLE.\n\n - CVE-2021-21228: Insufficient policy enforcement in extensions.\n\n - CVE-2021-21229: Incorrect security UI in downloads.\n\n - CVE-2021-21230: Type Confusion in V8. \n\n - CVE-2021-21231: Insufficient data validation in V8.\n\n - CVE-2021-21222: Heap buffer overflow in V8\n\n - CVE-2021-21223: Integer overflow in Mojo\n\n - CVE-2021-21224: Type Confusion in V8\n\n - CVE-2021-21225: Out of bounds memory access in V8\n\n - CVE-2021-21226: Use after free in navigation\n\n - CVE-2021-21201: Use after free in permissions\n\n - CVE-2021-21202: Use after free in extensions\n\n - CVE-2021-21203: Use after free in Blink\n\n - CVE-2021-21204: Use after free in Blink\n\n - CVE-2021-21205: Insufficient policy enforcement in navigation\n\n - CVE-2021-21221: Insufficient validation of untrusted input in Mojo\n\n - CVE-2021-21207: Use after free in IndexedDB\n\n - CVE-2021-21208: Insufficient data validation in QR scanner\n\n - CVE-2021-21209: Inappropriate implementation in storage\n\n - CVE-2021-21210: Inappropriate implementation in Network\n\n - CVE-2021-21211: Inappropriate implementation in Navigatio \n\n - CVE-2021-21212: Incorrect security UI in Network Config UI\n\n - CVE-2021-21213: Use after free in WebMIDI", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-05-18T00:00:00", "type": "nessus", "title": "openSUSE Security Update : Chromium (openSUSE-2021-629)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226", "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-629.NASL", "href": "https://www.tenable.com/plugins/nessus/149603", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-629.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149603);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2021-21201\",\n \"CVE-2021-21202\",\n \"CVE-2021-21203\",\n \"CVE-2021-21204\",\n \"CVE-2021-21205\",\n \"CVE-2021-21207\",\n \"CVE-2021-21208\",\n \"CVE-2021-21209\",\n \"CVE-2021-21210\",\n \"CVE-2021-21211\",\n \"CVE-2021-21212\",\n \"CVE-2021-21213\",\n \"CVE-2021-21221\",\n \"CVE-2021-21222\",\n \"CVE-2021-21223\",\n \"CVE-2021-21224\",\n \"CVE-2021-21225\",\n \"CVE-2021-21226\",\n \"CVE-2021-21227\",\n \"CVE-2021-21228\",\n \"CVE-2021-21229\",\n \"CVE-2021-21230\",\n \"CVE-2021-21231\",\n \"CVE-2021-21232\",\n \"CVE-2021-21233\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2021-629)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for chromium fixes the following issues :\n\n - Chromium was updated to 90.0.4430.93\n (boo#1184764,boo#1185047,boo#1185398)\n\n - CVE-2021-21227: Insufficient data validation in V8. \n\n - CVE-2021-21232: Use after free in Dev Tools. \n\n - CVE-2021-21233: Heap buffer overflow in ANGLE.\n\n - CVE-2021-21228: Insufficient policy enforcement in\n extensions.\n\n - CVE-2021-21229: Incorrect security UI in downloads.\n\n - CVE-2021-21230: Type Confusion in V8. \n\n - CVE-2021-21231: Insufficient data validation in V8.\n\n - CVE-2021-21222: Heap buffer overflow in V8\n\n - CVE-2021-21223: Integer overflow in Mojo\n\n - CVE-2021-21224: Type Confusion in V8\n\n - CVE-2021-21225: Out of bounds memory access in V8\n\n - CVE-2021-21226: Use after free in navigation\n\n - CVE-2021-21201: Use after free in permissions\n\n - CVE-2021-21202: Use after free in extensions\n\n - CVE-2021-21203: Use after free in Blink\n\n - CVE-2021-21204: Use after free in Blink\n\n - CVE-2021-21205: Insufficient policy enforcement in\n navigation\n\n - CVE-2021-21221: Insufficient validation of untrusted\n input in Mojo\n\n - CVE-2021-21207: Use after free in IndexedDB\n\n - CVE-2021-21208: Insufficient data validation in QR\n scanner\n\n - CVE-2021-21209: Inappropriate implementation in storage\n\n - CVE-2021-21210: Inappropriate implementation in Network\n\n - CVE-2021-21211: Inappropriate implementation in\n Navigatio \n\n - CVE-2021-21212: Incorrect security UI in Network Config\n UI\n\n - CVE-2021-21213: Use after free in WebMIDI\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=11845047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1185398\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21233\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-90.0.4430.93-lp152.2.89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-debuginfo-90.0.4430.93-lp152.2.89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-90.0.4430.93-lp152.2.89.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-debuginfo-90.0.4430.93-lp152.2.89.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-05T16:58:14", "description": "The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-c88a96bd4b advisory.\n\n - Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (CVE-2021-21149)\n\n - Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-21150)\n\n - Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21151)\n\n - Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21152)\n\n - Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-21153)\n\n - Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-21154)\n\n - Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21155)\n\n - Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. (CVE-2021-21156)\n\n - Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21157)\n\n - Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21159, CVE-2021-21161)\n\n - Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21160)\n\n - Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21162)\n\n - Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server. (CVE-2021-21163)\n\n - Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-21164)\n\n - Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21165, CVE-2021-21166)\n\n - Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21167)\n\n - Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.\n (CVE-2021-21168)\n\n - Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-21169)\n\n - Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-21170)\n\n - Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-21171)\n\n - Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (CVE-2021-21172)\n\n - Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-21173)\n\n - Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-21174)\n\n - Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-21175)\n\n - Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-21176)\n\n - Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.\n (CVE-2021-21177)\n\n - Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-21178)\n\n - Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21179)\n\n - Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21180)\n\n - Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.\n (CVE-2021-21181)\n\n - Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (CVE-2021-21182)\n\n - Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-21183, CVE-2021-21184)\n\n - Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension. (CVE-2021-21185)\n\n - Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code.\n (CVE-2021-21186)\n\n - Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. (CVE-2021-21187)\n\n - Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21188)\n\n - Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-21189)\n\n - Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. (CVE-2021-21190)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-03-22T00:00:00", "type": "nessus", "title": "Fedora 32 : chromium (2021-c88a96bd4b)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157", "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21164", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-21190"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "p-cpe:/a:fedoraproject:fedora:chromium"], "id": "FEDORA_2021-C88A96BD4B.NASL", "href": "https://www.tenable.com/plugins/nessus/147941", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-c88a96bd4b\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147941);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2021-21149\",\n \"CVE-2021-21150\",\n \"CVE-2021-21151\",\n \"CVE-2021-21152\",\n \"CVE-2021-21153\",\n \"CVE-2021-21154\",\n \"CVE-2021-21155\",\n \"CVE-2021-21156\",\n \"CVE-2021-21157\",\n \"CVE-2021-21159\",\n \"CVE-2021-21160\",\n \"CVE-2021-21161\",\n \"CVE-2021-21162\",\n \"CVE-2021-21163\",\n \"CVE-2021-21164\",\n \"CVE-2021-21165\",\n \"CVE-2021-21166\",\n \"CVE-2021-21167\",\n \"CVE-2021-21168\",\n \"CVE-2021-21169\",\n \"CVE-2021-21170\",\n \"CVE-2021-21171\",\n \"CVE-2021-21172\",\n \"CVE-2021-21173\",\n \"CVE-2021-21174\",\n \"CVE-2021-21175\",\n \"CVE-2021-21176\",\n \"CVE-2021-21177\",\n \"CVE-2021-21178\",\n \"CVE-2021-21179\",\n \"CVE-2021-21180\",\n \"CVE-2021-21181\",\n \"CVE-2021-21182\",\n \"CVE-2021-21183\",\n \"CVE-2021-21184\",\n \"CVE-2021-21185\",\n \"CVE-2021-21186\",\n \"CVE-2021-21187\",\n \"CVE-2021-21188\",\n \"CVE-2021-21189\",\n \"CVE-2021-21190\"\n );\n script_xref(name:\"FEDORA\", value:\"2021-c88a96bd4b\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Fedora 32 : chromium (2021-c88a96bd4b)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-c88a96bd4b advisory.\n\n - Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote\n attacker to perform out of bounds memory access via a crafted HTML page. (CVE-2021-21149)\n\n - Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker\n who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-21150)\n\n - Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to\n potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21151)\n\n - Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21152)\n\n - Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote\n attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-21153)\n\n - Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who\n had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-21154)\n\n - Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote\n attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted\n HTML page. (CVE-2021-21155)\n\n - Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to\n potentially exploit heap corruption via a crafted script. (CVE-2021-21156)\n\n - Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21157)\n\n - Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21159, CVE-2021-21161)\n\n - Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21160)\n\n - Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-21162)\n\n - Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page and a malicious server. (CVE-2021-21163)\n\n - Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-21164)\n\n - Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit\n heap corruption via a crafted HTML page. (CVE-2021-21165, CVE-2021-21166)\n\n - Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21167)\n\n - Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote\n attacker to obtain potentially sensitive information from process memory via a crafted HTML page.\n (CVE-2021-21168)\n\n - Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-21169)\n\n - Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had\n compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-21170)\n\n - Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed\n a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-21171)\n\n - Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72\n allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (CVE-2021-21172)\n\n - Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-21173)\n\n - Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker\n to bypass navigation restrictions via a crafted HTML page. (CVE-2021-21174)\n\n - Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-21175)\n\n - Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote\n attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-21176)\n\n - Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote\n attacker to obtain potentially sensitive information from process memory via a crafted HTML page.\n (CVE-2021-21177)\n\n - Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72\n allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-21178)\n\n - Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21179)\n\n - Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21180)\n\n - Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote\n attacker to obtain potentially sensitive information from process memory via a crafted HTML page.\n (CVE-2021-21181)\n\n - Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote\n attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML\n page. (CVE-2021-21182)\n\n - Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-21183, CVE-2021-21184)\n\n - Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker\n who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome\n Extension. (CVE-2021-21185)\n\n - Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an\n attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code.\n (CVE-2021-21186)\n\n - Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote\n attacker to perform domain spoofing via IDN homographs via a crafted domain name. (CVE-2021-21187)\n\n - Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-21188)\n\n - Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote\n attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-21189)\n\n - Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain\n potentially sensitive information from process memory via a crafted PDF file. (CVE-2021-21190)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-c88a96bd4b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21190\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21155\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 32', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\npkgs = [\n {'reference':'chromium-89.0.4389.82-1.fc32', 'release':'FC32', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-06T14:21:42", "description": "This update for chromium fixes the following issues :\n\nUpdate to 89.0.4389.72 (boo#1182358, boo#1182960) :\n\n - CVE-2021-21159: Heap buffer overflow in TabStrip.\n\n - CVE-2021-21160: Heap buffer overflow in WebAudio.\n\n - CVE-2021-21161: Heap buffer overflow in TabStrip.\n\n - CVE-2021-21162: Use after free in WebRTC.\n\n - CVE-2021-21163: Insufficient data validation in Reader Mode.\n\n - CVE-2021-21164: Insufficient data validation in Chrome for iOS.\n\n - CVE-2021-21165: Object lifecycle issue in audio.\n\n - CVE-2021-21166: Object lifecycle issue in audio.\n\n - CVE-2021-21167: Use after free in bookmarks.\n\n - CVE-2021-21168: Insufficient policy enforcement in appcache.\n\n - CVE-2021-21169: Out of bounds memory access in V8.\n\n - CVE-2021-21170: Incorrect security UI in Loader.\n\n - CVE-2021-21171: Incorrect security UI in TabStrip and Navigation.\n\n - CVE-2021-21172: Insufficient policy enforcement in File System API.\n\n - CVE-2021-21173: Side-channel information leakage in Network Internals.\n\n - CVE-2021-21174: Inappropriate implementation in Referrer.\n\n - CVE-2021-21175: Inappropriate implementation in Site isolation.\n\n - CVE-2021-21176: Inappropriate implementation in full screen mode.\n\n - CVE-2021-21177: Insufficient policy enforcement in Autofill.\n\n - CVE-2021-21178: Inappropriate implementation in Compositing.\n\n - CVE-2021-21179: Use after free in Network Internals.\n\n - CVE-2021-21180: Use after free in tab search.\n\n - CVE-2020-27844: Heap buffer overflow in OpenJPEG.\n\n - CVE-2021-21181: Side-channel information leakage in autofill.\n\n - CVE-2021-21182: Insufficient policy enforcement in navigations.\n\n - CVE-2021-21183: Inappropriate implementation in performance APIs.\n\n - CVE-2021-21184: Inappropriate implementation in performance APIs.\n\n - CVE-2021-21185: Insufficient policy enforcement in extensions.\n\n - CVE-2021-21186: Insufficient policy enforcement in QR scanning.\n\n - CVE-2021-21187: Insufficient data validation in URL formatting.\n\n - CVE-2021-21188: Use after free in Blink.\n\n - CVE-2021-21189: Insufficient policy enforcement in payments.\n\n - CVE-2021-21190: Uninitialized Use in PDFium.\n\n - CVE-2021-21149: Stack overflow in Data Transfer.\n\n - CVE-2021-21150: Use after free in Downloads.\n\n - CVE-2021-21151: Use after free in Payments.\n\n - CVE-2021-21152: Heap buffer overflow in Media.\n\n - CVE-2021-21153: Stack overflow in GPU Process. \n\n - CVE-2021-21154: Heap buffer overflow in Tab Strip.\n\n - CVE-2021-21155: Heap buffer overflow in Tab Strip.\n\n - CVE-2021-21156: Heap buffer overflow in V8.\n\n - CVE-2021-21157: Use after free in Web Sockets. \n\n - Fixed Sandbox with glibc 2.33 (boo#1182233)\n\n - Fixed an issue where chromium hangs on opening (boo#1182775).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "openSUSE Security Update : chromium (openSUSE-2021-392)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27844", "CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157", "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21164", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-21190"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-392.NASL", "href": "https://www.tenable.com/plugins/nessus/147606", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-392.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147606);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-27844\",\n \"CVE-2021-21149\",\n \"CVE-2021-21150\",\n \"CVE-2021-21151\",\n \"CVE-2021-21152\",\n \"CVE-2021-21153\",\n \"CVE-2021-21154\",\n \"CVE-2021-21155\",\n \"CVE-2021-21156\",\n \"CVE-2021-21157\",\n \"CVE-2021-21159\",\n \"CVE-2021-21160\",\n \"CVE-2021-21161\",\n \"CVE-2021-21162\",\n \"CVE-2021-21163\",\n \"CVE-2021-21164\",\n \"CVE-2021-21165\",\n \"CVE-2021-21166\",\n \"CVE-2021-21167\",\n \"CVE-2021-21168\",\n \"CVE-2021-21169\",\n \"CVE-2021-21170\",\n \"CVE-2021-21171\",\n \"CVE-2021-21172\",\n \"CVE-2021-21173\",\n \"CVE-2021-21174\",\n \"CVE-2021-21175\",\n \"CVE-2021-21176\",\n \"CVE-2021-21177\",\n \"CVE-2021-21178\",\n \"CVE-2021-21179\",\n \"CVE-2021-21180\",\n \"CVE-2021-21181\",\n \"CVE-2021-21182\",\n \"CVE-2021-21183\",\n \"CVE-2021-21184\",\n \"CVE-2021-21185\",\n \"CVE-2021-21186\",\n \"CVE-2021-21187\",\n \"CVE-2021-21188\",\n \"CVE-2021-21189\",\n \"CVE-2021-21190\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2021-392)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for chromium fixes the following issues :\n\nUpdate to 89.0.4389.72 (boo#1182358, boo#1182960) :\n\n - CVE-2021-21159: Heap buffer overflow in TabStrip.\n\n - CVE-2021-21160: Heap buffer overflow in WebAudio.\n\n - CVE-2021-21161: Heap buffer overflow in TabStrip.\n\n - CVE-2021-21162: Use after free in WebRTC.\n\n - CVE-2021-21163: Insufficient data validation in Reader\n Mode.\n\n - CVE-2021-21164: Insufficient data validation in Chrome\n for iOS.\n\n - CVE-2021-21165: Object lifecycle issue in audio.\n\n - CVE-2021-21166: Object lifecycle issue in audio.\n\n - CVE-2021-21167: Use after free in bookmarks.\n\n - CVE-2021-21168: Insufficient policy enforcement in\n appcache.\n\n - CVE-2021-21169: Out of bounds memory access in V8.\n\n - CVE-2021-21170: Incorrect security UI in Loader.\n\n - CVE-2021-21171: Incorrect security UI in TabStrip and\n Navigation.\n\n - CVE-2021-21172: Insufficient policy enforcement in File\n System API.\n\n - CVE-2021-21173: Side-channel information leakage in\n Network Internals.\n\n - CVE-2021-21174: Inappropriate implementation in\n Referrer.\n\n - CVE-2021-21175: Inappropriate implementation in Site\n isolation.\n\n - CVE-2021-21176: Inappropriate implementation in full\n screen mode.\n\n - CVE-2021-21177: Insufficient policy enforcement in\n Autofill.\n\n - CVE-2021-21178: Inappropriate implementation in\n Compositing.\n\n - CVE-2021-21179: Use after free in Network Internals.\n\n - CVE-2021-21180: Use after free in tab search.\n\n - CVE-2020-27844: Heap buffer overflow in OpenJPEG.\n\n - CVE-2021-21181: Side-channel information leakage in\n autofill.\n\n - CVE-2021-21182: Insufficient policy enforcement in\n navigations.\n\n - CVE-2021-21183: Inappropriate implementation in\n performance APIs.\n\n - CVE-2021-21184: Inappropriate implementation in\n performance APIs.\n\n - CVE-2021-21185: Insufficient policy enforcement in\n extensions.\n\n - CVE-2021-21186: Insufficient policy enforcement in QR\n scanning.\n\n - CVE-2021-21187: Insufficient data validation in URL\n formatting.\n\n - CVE-2021-21188: Use after free in Blink.\n\n - CVE-2021-21189: Insufficient policy enforcement in\n payments.\n\n - CVE-2021-21190: Uninitialized Use in PDFium.\n\n - CVE-2021-21149: Stack overflow in Data Transfer.\n\n - CVE-2021-21150: Use after free in Downloads.\n\n - CVE-2021-21151: Use after free in Payments.\n\n - CVE-2021-21152: Heap buffer overflow in Media.\n\n - CVE-2021-21153: Stack overflow in GPU Process. \n\n - CVE-2021-21154: Heap buffer overflow in Tab Strip.\n\n - CVE-2021-21155: Heap buffer overflow in Tab Strip.\n\n - CVE-2021-21156: Heap buffer overflow in V8.\n\n - CVE-2021-21157: Use after free in Web Sockets. \n\n - Fixed Sandbox with glibc 2.33 (boo#1182233)\n\n - Fixed an issue where chromium hangs on opening\n (boo#1182775).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182775\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27844\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21155\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-89.0.4389.72-lp152.2.77.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-debuginfo-89.0.4389.72-lp152.2.77.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-89.0.4389.72-lp152.2.77.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-debuginfo-89.0.4389.72-lp152.2.77.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-01-11T14:47:27", "description": "Several vulnerabilites have been discovered in the chromium web browser.\n\n - CVE-2021-21159 Khalil Zhani discovered a buffer overflow issue in the tab implementation.\n\n - CVE-2021-21160 Marcin Noga discovered a buffer overflow issue in WebAudio.\n\n - CVE-2021-21161 Khalil Zhani discovered a buffer overflow issue in the tab implementation.\n\n - CVE-2021-21162 A use-after-free issue was discovered in the WebRTC implementation.\n\n - CVE-2021-21163 Alison Huffman discovered a data validation issue.\n\n - CVE-2021-21165 Alison Huffman discovered an error in the audio implementation.\n\n - CVE-2021-21166 Alison Huffman discovered an error in the audio implementation.\n\n - CVE-2021-21167 Leecraso and Guang Gong discovered a use-after-free issue in the bookmarks implementation.\n\n - CVE-2021-21168 Luan Herrera discovered a policy enforcement error in the appcache.\n\n - CVE-2021-21169 Bohan Liu and Moon Liang discovered an out-of-bounds access issue in the v8 JavaScript library.\n\n - CVE-2021-21170 David Erceg discovered a user interface error.\n\n - CVE-2021-21171 Irvan Kurniawan discovered a user interface error.\n\n - CVE-2021-21172 Maciej Pulikowski discovered a policy enforcement error in the File System API.\n\n - CVE-2021-21173 Tom Van Goethem discovered a network based information leak.\n\n - CVE-2021-21174 Ashish Guatam Kambled discovered an implementation error in the Referrer policy.\n\n - CVE-2021-21175 Jun Kokatsu discovered an implementation error in the Site Isolation feature.\n\n - CVE-2021-21176 Luan Herrera discovered an implementation error in the full screen mode.\n\n - CVE-2021-21177 Abdulrahman Alqabandi discovered a policy enforcement error in the Autofill feature.\n\n - CVE-2021-21178 Japong discovered an error in the Compositor implementation.\n\n - CVE-2021-21179 A use-after-free issue was discovered in the networking implementation.\n\n - CVE-2021-21180 Abdulrahman Alqabandi discovered a use-after-free issue in the tab search feature.\n\n - CVE-2021-21181 Xu Lin, Panagiotis Ilias, and Jason Polakis discovered a side-channel information leak in the Autofill feature.\n\n - CVE-2021-21182 Luan Herrera discovered a policy enforcement error in the site navigation implementation.\n\n - CVE-2021-21183 Takashi Yoneuchi discovered an implementation error in the Performance API.\n\n - CVE-2021-21184 James Hartig discovered an implementation error in the Performance API.\n\n - CVE-2021-21185 David Erceg discovered a policy enforcement error in Extensions.\n\n - CVE-2021-21186 dhirajkumarnifty discovered a policy enforcement error in the QR scan implementation.\n\n - CVE-2021-21187 Kirtikumar Anandrao Ramchandani discovered a data validation error in URL formatting.\n\n - CVE-2021-21188 Woojin Oh discovered a use-after-free issue in Blink/Webkit.\n\n - CVE-2021-21189 Khalil Zhani discovered a policy enforcement error in the Payments implementation.\n\n - CVE-2021-21190 Zhou Aiting discovered use of uninitialized memory in the pdfium library.\n\n - CVE-2021-21191 raven discovered a use-after-free issue in the WebRTC implementation.\n\n - CVE-2021-21192 Abdulrahman Alqabandi discovered a buffer overflow issue in the tab implementation.\n\n - CVE-2021-21193 A use-after-free issue was discovered in Blink/Webkit.\n\n - CVE-2021-21194 Leecraso and Guang Gong discovered a use-after-free issue in the screen capture feature.\n\n - CVE-2021-21195 Liu and Liang discovered a use-after-free issue in the v8 JavaScript library.\n\n - CVE-2021-21196 Khalil Zhani discovered a buffer overflow issue in the tab implementation.\n\n - CVE-2021-21197 Abdulrahman Alqabandi discovered a buffer overflow issue in the tab implementation.\n\n - CVE-2021-21198 Mark Brand discovered an out-of-bounds read issue in the Inter-Process Communication implementation.\n\n - CVE-2021-21199 Weipeng Jiang discovered a use-after-free issue in the Aura window and event manager.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-07T00:00:00", "type": "nessus", "title": "Debian DSA-4886-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-21190", "CVE-2021-21191", "CVE-2021-21192", "CVE-2021-21193", "CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199"], "modified": "2022-01-24T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4886.NASL", "href": "https://www.tenable.com/plugins/nessus/148364", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4886. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148364);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/24\");\n\n script_cve_id(\"CVE-2021-21159\", \"CVE-2021-21160\", \"CVE-2021-21161\", \"CVE-2021-21162\", \"CVE-2021-21163\", \"CVE-2021-21165\", \"CVE-2021-21166\", \"CVE-2021-21167\", \"CVE-2021-21168\", \"CVE-2021-21169\", \"CVE-2021-21170\", \"CVE-2021-21171\", \"CVE-2021-21172\", \"CVE-2021-21173\", \"CVE-2021-21174\", \"CVE-2021-21175\", \"CVE-2021-21176\", \"CVE-2021-21177\", \"CVE-2021-21178\", \"CVE-2021-21179\", \"CVE-2021-21180\", \"CVE-2021-21181\", \"CVE-2021-21182\", \"CVE-2021-21183\", \"CVE-2021-21184\", \"CVE-2021-21185\", \"CVE-2021-21186\", \"CVE-2021-21187\", \"CVE-2021-21188\", \"CVE-2021-21189\", \"CVE-2021-21190\", \"CVE-2021-21191\", \"CVE-2021-21192\", \"CVE-2021-21193\", \"CVE-2021-21194\", \"CVE-2021-21195\", \"CVE-2021-21196\", \"CVE-2021-21197\", \"CVE-2021-21198\", \"CVE-2021-21199\");\n script_xref(name:\"DSA\", value:\"4886\");\n script_xref(name:\"IAVA\", value:\"2021-A-0152-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Debian DSA-4886-1 : chromium - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilites have been discovered in the chromium web\nbrowser.\n\n - CVE-2021-21159\n Khalil Zhani discovered a buffer overflow issue in the\n tab implementation.\n\n - CVE-2021-21160\n Marcin Noga discovered a buffer overflow issue in\n WebAudio.\n\n - CVE-2021-21161\n Khalil Zhani discovered a buffer overflow issue in the\n tab implementation.\n\n - CVE-2021-21162\n A use-after-free issue was discovered in the WebRTC\n implementation.\n\n - CVE-2021-21163\n Alison Huffman discovered a data validation issue.\n\n - CVE-2021-21165\n Alison Huffman discovered an error in the audio\n implementation.\n\n - CVE-2021-21166\n Alison Huffman discovered an error in the audio\n implementation.\n\n - CVE-2021-21167\n Leecraso and Guang Gong discovered a use-after-free\n issue in the bookmarks implementation.\n\n - CVE-2021-21168\n Luan Herrera discovered a policy enforcement error in\n the appcache.\n\n - CVE-2021-21169\n Bohan Liu and Moon Liang discovered an out-of-bounds\n access issue in the v8 JavaScript library.\n\n - CVE-2021-21170\n David Erceg discovered a user interface error.\n\n - CVE-2021-21171\n Irvan Kurniawan discovered a user interface error.\n\n - CVE-2021-21172\n Maciej Pulikowski discovered a policy enforcement error\n in the File System API.\n\n - CVE-2021-21173\n Tom Van Goethem discovered a network based information\n leak.\n\n - CVE-2021-21174\n Ashish Guatam Kambled discovered an implementation error\n in the Referrer policy.\n\n - CVE-2021-21175\n Jun Kokatsu discovered an implementation error in the\n Site Isolation feature.\n\n - CVE-2021-21176\n Luan Herrera discovered an implementation error in the\n full screen mode.\n\n - CVE-2021-21177\n Abdulrahman Alqabandi discovered a policy enforcement\n error in the Autofill feature.\n\n - CVE-2021-21178\n Japong discovered an error in the Compositor\n implementation.\n\n - CVE-2021-21179\n A use-after-free issue was discovered in the networking\n implementation.\n\n - CVE-2021-21180\n Abdulrahman Alqabandi discovered a use-after-free issue\n in the tab search feature.\n\n - CVE-2021-21181\n Xu Lin, Panagiotis Ilias, and Jason Polakis discovered a\n side-channel information leak in the Autofill feature.\n\n - CVE-2021-21182\n Luan Herrera discovered a policy enforcement error in\n the site navigation implementation.\n\n - CVE-2021-21183\n Takashi Yoneuchi discovered an implementation error in\n the Performance API.\n\n - CVE-2021-21184\n James Hartig discovered an implementation error in the\n Performance API.\n\n - CVE-2021-21185\n David Erceg discovered a policy enforcement error in\n Extensions.\n\n - CVE-2021-21186\n dhirajkumarnifty discovered a policy enforcement error\n in the QR scan implementation.\n\n - CVE-2021-21187\n Kirtikumar Anandrao Ramchandani discovered a data\n validation error in URL formatting.\n\n - CVE-2021-21188\n Woojin Oh discovered a use-after-free issue in\n Blink/Webkit.\n\n - CVE-2021-21189\n Khalil Zhani discovered a policy enforcement error in\n the Payments implementation.\n\n - CVE-2021-21190\n Zhou Aiting discovered use of uninitialized memory in\n the pdfium library.\n\n - CVE-2021-21191\n raven discovered a use-after-free issue in the WebRTC\n implementation.\n\n - CVE-2021-21192\n Abdulrahman Alqabandi discovered a buffer overflow issue\n in the tab implementation.\n\n - CVE-2021-21193\n A use-after-free issue was discovered in Blink/Webkit.\n\n - CVE-2021-21194\n Leecraso and Guang Gong discovered a use-after-free\n issue in the screen capture feature.\n\n - CVE-2021-21195\n Liu and Liang discovered a use-after-free issue in the\n v8 JavaScript library.\n\n - CVE-2021-21196\n Khalil Zhani discovered a buffer overflow issue in the\n tab implementation.\n\n - CVE-2021-21197\n Abdulrahman Alqabandi discovered a buffer overflow issue\n in the tab implementation.\n\n - CVE-2021-21198\n Mark Brand discovered an out-of-bounds read issue in the\n Inter-Process Communication implementation.\n\n - CVE-2021-21199\n Weipeng Jiang discovered a use-after-free issue in the\n Aura window and event manager.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21173\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021/dsa-4886\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 89.0.4389.114-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21199\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"chromium\", reference:\"89.0.4389.114-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-common\", reference:\"89.0.4389.114-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-driver\", reference:\"89.0.4389.114-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-l10n\", reference:\"89.0.4389.114-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-sandbox\", reference:\"89.0.4389.114-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-shell\", reference:\"89.0.4389.114-1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:47:29", "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\n - CVE-2021-21201 Gengming Liu and Jianyu Chen discovered a use-after-free issue.\n\n - CVE-2021-21202 David Erceg discovered a use-after-free issue in extensions.\n\n - CVE-2021-21203 asnine discovered a use-after-free issue in Blink/Webkit.\n\n - CVE-2021-21204 Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander discovered a use-after-free issue in Blink/Webkit.\n\n - CVE-2021-21205 Alison Huffman discovered a policy enforcement error.\n\n - CVE-2021-21207 koocola and Nan Wang discovered a use-after-free in the indexed database.\n\n - CVE-2021-21208 Ahmed Elsobky discovered a data validation error in the QR code scanner.\n\n - CVE-2021-21209 Tom Van Goethem discovered an implementation error in the Storage API.\n\n - CVE-2021-21210 @bananabr discovered an error in the networking implementation.\n\n - CVE-2021-21211 Akash Labade discovered an error in the navigation implementation.\n\n - CVE-2021-21212 Hugo Hue and Sze Yui Chau discovered an error in the network configuration user interface.\n\n - CVE-2021-21213 raven discovered a use-after-free issue in the WebMIDI implementation.\n\n - CVE-2021-21214 A use-after-free issue was discovered in the networking implementation.\n\n - CVE-2021-21215 Abdulrahman Alqabandi discovered an error in the Autofill feature.\n\n - CVE-2021-21216 Abdulrahman Alqabandi discovered an error in the Autofill feature.\n\n - CVE-2021-21217 Zhou Aiting discovered use of uninitialized memory in the pdfium library.\n\n - CVE-2021-21218 Zhou Aiting discovered use of uninitialized memory in the pdfium library.\n\n - CVE-2021-21219 Zhou Aiting discovered use of uninitialized memory in the pdfium library.\n\n - CVE-2021-21221 Guang Gong discovered insufficient validation of untrusted input.\n\n - CVE-2021-21222 Guang Gong discovered a buffer overflow issue in the v8 JavaScript library.\n\n - CVE-2021-21223 Guang Gong discovered an integer overflow issue.\n\n - CVE-2021-21224 Jose Martinez discovered a type error in the v8 JavaScript library.\n\n - CVE-2021-21225 Brendon Tiszka discovered an out-of-bounds memory access issue in the v8 JavaScript library.\n\n - CVE-2021-21226 Brendon Tiszka discovered a use-after-free issue in the networking implementation.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-29T00:00:00", "type": "nessus", "title": "Debian DSA-4906-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4906.NASL", "href": "https://www.tenable.com/plugins/nessus/149082", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4906. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149082);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2021-21201\", \"CVE-2021-21202\", \"CVE-2021-21203\", \"CVE-2021-21204\", \"CVE-2021-21205\", \"CVE-2021-21207\", \"CVE-2021-21208\", \"CVE-2021-21209\", \"CVE-2021-21210\", \"CVE-2021-21211\", \"CVE-2021-21212\", \"CVE-2021-21213\", \"CVE-2021-21214\", \"CVE-2021-21215\", \"CVE-2021-21216\", \"CVE-2021-21217\", \"CVE-2021-21218\", \"CVE-2021-21219\", \"CVE-2021-21221\", \"CVE-2021-21222\", \"CVE-2021-21223\", \"CVE-2021-21224\", \"CVE-2021-21225\", \"CVE-2021-21226\");\n script_xref(name:\"DSA\", value:\"4906\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Debian DSA-4906-1 : chromium - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2021-21201\n Gengming Liu and Jianyu Chen discovered a use-after-free\n issue.\n\n - CVE-2021-21202\n David Erceg discovered a use-after-free issue in\n extensions.\n\n - CVE-2021-21203\n asnine discovered a use-after-free issue in\n Blink/Webkit.\n\n - CVE-2021-21204\n Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander\n discovered a use-after-free issue in Blink/Webkit.\n\n - CVE-2021-21205\n Alison Huffman discovered a policy enforcement error.\n\n - CVE-2021-21207\n koocola and Nan Wang discovered a use-after-free in the\n indexed database.\n\n - CVE-2021-21208\n Ahmed Elsobky discovered a data validation error in the\n QR code scanner.\n\n - CVE-2021-21209\n Tom Van Goethem discovered an implementation error in\n the Storage API.\n\n - CVE-2021-21210\n @bananabr discovered an error in the networking\n implementation.\n\n - CVE-2021-21211\n Akash Labade discovered an error in the navigation\n implementation.\n\n - CVE-2021-21212\n Hugo Hue and Sze Yui Chau discovered an error in the\n network configuration user interface.\n\n - CVE-2021-21213\n raven discovered a use-after-free issue in the WebMIDI\n implementation.\n\n - CVE-2021-21214\n A use-after-free issue was discovered in the networking\n implementation.\n\n - CVE-2021-21215\n Abdulrahman Alqabandi discovered an error in the\n Autofill feature.\n\n - CVE-2021-21216\n Abdulrahman Alqabandi discovered an error in the\n Autofill feature.\n\n - CVE-2021-21217\n Zhou Aiting discovered use of uninitialized memory in\n the pdfium library.\n\n - CVE-2021-21218\n Zhou Aiting discovered use of uninitialized memory in\n the pdfium library.\n\n - CVE-2021-21219\n Zhou Aiting discovered use of uninitialized memory in\n the pdfium library.\n\n - CVE-2021-21221\n Guang Gong discovered insufficient validation of\n untrusted input.\n\n - CVE-2021-21222\n Guang Gong discovered a buffer overflow issue in the v8\n JavaScript library.\n\n - CVE-2021-21223\n Guang Gong discovered an integer overflow issue.\n\n - CVE-2021-21224\n Jose Martinez discovered a type error in the v8\n JavaScript library.\n\n - CVE-2021-21225\n Brendon Tiszka discovered an out-of-bounds memory access\n issue in the v8 JavaScript library.\n\n - CVE-2021-21226\n Brendon Tiszka discovered a use-after-free issue in the\n networking implementation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21201\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21203\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021/dsa-4906\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 90.0.4430.85-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"chromium\", reference:\"90.0.4430.85-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-common\", reference:\"90.0.4430.85-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-driver\", reference:\"90.0.4430.85-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-l10n\", reference:\"90.0.4430.85-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-sandbox\", reference:\"90.0.4430.85-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-shell\", reference:\"90.0.4430.85-1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T15:00:59", "description": "Chrome Releases reports :\n\nThis release contains 37 security fixes, including :\n\n- [1025683] High CVE-2021-21201: Use after free in permissions.\nReported by Gengming Liu, Jianyu Chen at Tencent Keen Security Lab on 2019-11-18\n\n- [1188889] High CVE-2021-21202: Use after free in extensions.\nReported by David Erceg on 2021-03-16\n\n- [1192054] High CVE-2021-21203: Use after free in Blink. Reported by asnine on 2021-03-24\n\n- [1189926] High CVE-2021-21204: Use after free in Blink. Reported by Chelse Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander of Seesaw on 2021-03-19\n\n- [1165654] High CVE-2021-21205: Insufficient policy enforcement in navigation. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-01-12\n\n- [1195333] High CVE-2021-21221: Insufficient validation of untrusted input in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-04-02\n\n- [1185732] Medium CVE-2021-21207: Use after free in IndexedDB.\nReported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-03-08\n\n- [1039539] Medium CVE-2021-21208: Insufficient data validation in QR scanner. Reported by Ahmed Elsobky (@0xsobky) on 2020-01-07\n\n- [1143526] Medium CVE-2021-21209: Inappropriate implementation in storage. Reported by Tom Van Goethem (@tomvangoethem) on 2020-10-29\n\n- [1184562] Medium CVE-2021-21210: Inappropriate implementation in Network. Reported by @bananabr on 2021-03-04\n\n- [1103119] Medium CVE-2021-21211: Inappropriate implementation in Navigation. Reported by Akash Labade (m0ns7er) on 2020-07-08\n\n- [1145024] Medium CVE-2021-21212: Incorrect security UI in Network Config UI. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2020-11-03\n\n- [1161806] Medium CVE-2021-21213: Use after free in WebMIDI. Reported by raven (@raid_akame) on 2020-12-25\n\n- [1170148] Medium CVE-2021-21214: Use after free in Network API.\nReported by Anonymous on 2021-01-24\n\n- [1172533] Medium CVE-2021-21215: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-01-30\n\n- [1173297] Medium CVE-2021-21216: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-02\n\n- [1166462] Low CVE-2021-21217: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-14\n\n- [1166478] Low CVE-2021-21218: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-14\n\n- [1166972] Low CVE-2021-21219: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-15", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-16T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (f3d86439-9def-11eb-97a0-e09467587c17)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21221"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_F3D864399DEF11EB97A0E09467587C17.NASL", "href": "https://www.tenable.com/plugins/nessus/148704", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148704);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2021-21201\",\n \"CVE-2021-21202\",\n \"CVE-2021-21203\",\n \"CVE-2021-21204\",\n \"CVE-2021-21205\",\n \"CVE-2021-21207\",\n \"CVE-2021-21208\",\n \"CVE-2021-21209\",\n \"CVE-2021-21210\",\n \"CVE-2021-21211\",\n \"CVE-2021-21212\",\n \"CVE-2021-21213\",\n \"CVE-2021-21214\",\n \"CVE-2021-21215\",\n \"CVE-2021-21216\",\n \"CVE-2021-21217\",\n \"CVE-2021-21218\",\n \"CVE-2021-21219\",\n \"CVE-2021-21221\"\n );\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (f3d86439-9def-11eb-97a0-e09467587c17)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Chrome Releases reports :\n\nThis release contains 37 security fixes, including :\n\n- [1025683] High CVE-2021-21201: Use after free in permissions.\nReported by Gengming Liu, Jianyu Chen at Tencent Keen Security Lab on\n2019-11-18\n\n- [1188889] High CVE-2021-21202: Use after free in extensions.\nReported by David Erceg on 2021-03-16\n\n- [1192054] High CVE-2021-21203: Use after free in Blink. Reported by\nasnine on 2021-03-24\n\n- [1189926] High CVE-2021-21204: Use after free in Blink. Reported by\nChelse Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander of Seesaw on\n2021-03-19\n\n- [1165654] High CVE-2021-21205: Insufficient policy enforcement in\nnavigation. Reported by Alison Huffman, Microsoft Browser\nVulnerability Research on 2021-01-12\n\n- [1195333] High CVE-2021-21221: Insufficient validation of untrusted\ninput in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 on\n2021-04-02\n\n- [1185732] Medium CVE-2021-21207: Use after free in IndexedDB.\nReported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360\nAlpha Lab on 2021-03-08\n\n- [1039539] Medium CVE-2021-21208: Insufficient data validation in QR\nscanner. Reported by Ahmed Elsobky (@0xsobky) on 2020-01-07\n\n- [1143526] Medium CVE-2021-21209: Inappropriate implementation in\nstorage. Reported by Tom Van Goethem (@tomvangoethem) on 2020-10-29\n\n- [1184562] Medium CVE-2021-21210: Inappropriate implementation in\nNetwork. Reported by @bananabr on 2021-03-04\n\n- [1103119] Medium CVE-2021-21211: Inappropriate implementation in\nNavigation. Reported by Akash Labade (m0ns7er) on 2020-07-08\n\n- [1145024] Medium CVE-2021-21212: Incorrect security UI in Network\nConfig UI. Reported by Hugo Hue and Sze Yiu Chau of the Chinese\nUniversity of Hong Kong on 2020-11-03\n\n- [1161806] Medium CVE-2021-21213: Use after free in WebMIDI. Reported\nby raven (@raid_akame) on 2020-12-25\n\n- [1170148] Medium CVE-2021-21214: Use after free in Network API.\nReported by Anonymous on 2021-01-24\n\n- [1172533] Medium CVE-2021-21215: Inappropriate implementation in\nAutofill. Reported by Abdulrahman Alqabandi, Microsoft Browser\nVulnerability Research on 2021-01-30\n\n- [1173297] Medium CVE-2021-21216: Inappropriate implementation in\nAutofill. Reported by Abdulrahman Alqabandi, Microsoft Browser\nVulnerability Research on 2021-02-02\n\n- [1166462] Low CVE-2021-21217: Uninitialized Use in PDFium. Reported\nby Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-14\n\n- [1166478] Low CVE-2021-21218: Uninitialized Use in PDFium. Reported\nby Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-14\n\n- [1166972] Low CVE-2021-21219: Uninitialized Use in PDFium. Reported\nby Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-15\");\n # https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ec023c8b\");\n # https://vuxml.freebsd.org/freebsd/f3d86439-9def-11eb-97a0-e09467587c17.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b2e18135\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21214\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21201\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<90.0.4430.72\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T15:01:40", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.39. It is, therefore, affected by multiple vulnerabilities as referenced in the April 15, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-16T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 90.0.818.39 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21221"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_90_0_818_39.NASL", "href": "https://www.tenable.com/plugins/nessus/148693", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148693);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2021-21201\",\n \"CVE-2021-21202\",\n \"CVE-2021-21203\",\n \"CVE-2021-21204\",\n \"CVE-2021-21205\",\n \"CVE-2021-21207\",\n \"CVE-2021-21208\",\n \"CVE-2021-21209\",\n \"CVE-2021-21210\",\n \"CVE-2021-21211\",\n \"CVE-2021-21212\",\n \"CVE-2021-21213\",\n \"CVE-2021-21214\",\n \"CVE-2021-21215\",\n \"CVE-2021-21216\",\n \"CVE-2021-21217\",\n \"CVE-2021-21218\",\n \"CVE-2021-21219\",\n \"CVE-2021-21221\"\n );\n\n script_name(english:\"Microsoft Edge (Chromium) < 90.0.818.39 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.39. It is, therefore, affected\nby multiple vulnerabilities as referenced in the April 15, 2021 advisory. Note that Nessus has not tested for this issue\nbut has instead relied only on the application's self-reported version number.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#april-15-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?de6e5227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21209\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21210\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21212\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21213\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21214\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21215\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21216\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21219\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21221\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 90.0.818.39 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21214\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21201\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '90.0.818.39' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T15:01:13", "description": "The version of Google Chrome installed on the remote Windows host is prior to 90.0.4430.72. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop_14 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "Google Chrome < 90.0.4430.72 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21221"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_90_0_4430_72.NASL", "href": "https://www.tenable.com/plugins/nessus/148558", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148558);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2021-21201\",\n \"CVE-2021-21202\",\n \"CVE-2021-21203\",\n \"CVE-2021-21204\",\n \"CVE-2021-21205\",\n \"CVE-2021-21207\",\n \"CVE-2021-21208\",\n \"CVE-2021-21209\",\n \"CVE-2021-21210\",\n \"CVE-2021-21211\",\n \"CVE-2021-21212\",\n \"CVE-2021-21213\",\n \"CVE-2021-21214\",\n \"CVE-2021-21215\",\n \"CVE-2021-21216\",\n \"CVE-2021-21217\",\n \"CVE-2021-21218\",\n \"CVE-2021-21219\",\n \"CVE-2021-21221\"\n );\n\n script_name(english:\"Google Chrome < 90.0.4430.72 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 90.0.4430.72. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop_14 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ec023c8b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1025683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1188889\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1192054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1189926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1165654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1185732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1039539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1143526\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1184562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1103119\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1145024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1161806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1170148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1172533\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1173297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1166462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1166478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1166972\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 90.0.4430.72 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21214\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21201\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'90.0.4430.72', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T15:01:56", "description": "The version of Google Chrome installed on the remote macOS host is prior to 90.0.4430.72. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop_14 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "Google Chrome < 90.0.4430.72 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21221"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_90_0_4430_72.NASL", "href": "https://www.tenable.com/plugins/nessus/148559", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148559);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2021-21201\",\n \"CVE-2021-21202\",\n \"CVE-2021-21203\",\n \"CVE-2021-21204\",\n \"CVE-2021-21205\",\n \"CVE-2021-21207\",\n \"CVE-2021-21208\",\n \"CVE-2021-21209\",\n \"CVE-2021-21210\",\n \"CVE-2021-21211\",\n \"CVE-2021-21212\",\n \"CVE-2021-21213\",\n \"CVE-2021-21214\",\n \"CVE-2021-21215\",\n \"CVE-2021-21216\",\n \"CVE-2021-21217\",\n \"CVE-2021-21218\",\n \"CVE-2021-21219\",\n \"CVE-2021-21221\"\n );\n\n script_name(english:\"Google Chrome < 90.0.4430.72 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 90.0.4430.72. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop_14 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ec023c8b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1025683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1188889\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1192054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1189926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1165654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1185732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1039539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1143526\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1184562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1103119\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1145024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1161806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1170148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1172533\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1173297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1166462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1166478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1166972\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 90.0.4430.72 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21214\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21201\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'90.0.4430.72', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:46:14", "description": "The version of Google Chrome installed on the remote Windows host is prior to 89.0.4389.72. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_03_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-02T00:00:00", "type": "nessus", "title": "Google Chrome < 89.0.4389.72 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27844", "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21164", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-21190"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_89_0_4389_72.NASL", "href": "https://www.tenable.com/plugins/nessus/146948", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146948);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-27844\",\n \"CVE-2021-21159\",\n \"CVE-2021-21160\",\n \"CVE-2021-21161\",\n \"CVE-2021-21162\",\n \"CVE-2021-21163\",\n \"CVE-2021-21164\",\n \"CVE-2021-21165\",\n \"CVE-2021-21166\",\n \"CVE-2021-21167\",\n \"CVE-2021-21168\",\n \"CVE-2021-21169\",\n \"CVE-2021-21170\",\n \"CVE-2021-21171\",\n \"CVE-2021-21172\",\n \"CVE-2021-21173\",\n \"CVE-2021-21174\",\n \"CVE-2021-21175\",\n \"CVE-2021-21176\",\n \"CVE-2021-21177\",\n \"CVE-2021-21178\",\n \"CVE-2021-21179\",\n \"CVE-2021-21180\",\n \"CVE-2021-21181\",\n \"CVE-2021-21182\",\n \"CVE-2021-21183\",\n \"CVE-2021-21184\",\n \"CVE-2021-21185\",\n \"CVE-2021-21186\",\n \"CVE-2021-21187\",\n \"CVE-2021-21188\",\n \"CVE-2021-21189\",\n \"CVE-2021-21190\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0117-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Google Chrome < 89.0.4389.72 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 89.0.4389.72. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_03_stable-channel-update-for-desktop advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fc64b00e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1171049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1170531\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1173702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1172054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1111239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1164846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1174582\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1177465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1161144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1152226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1166138\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1111646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1152894\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1150810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1154250\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1158010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1146651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1170584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1173879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1174186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1174943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1175507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1177875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1182767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1049265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1105875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1131929\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1100748\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1153445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1155516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1161739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1165392\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1166091\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 89.0.4389.72 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27844\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21190\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'89.0.4389.72', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-01-11T14:44:28", "description": "The version of Google Chrome installed on the remote macOS host is prior to 89.0.4389.72. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_03_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-02T00:00:00", "type": "nessus", "title": "Google Chrome < 89.0.4389.72 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27844", "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21164", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-21190"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_89_0_4389_72.NASL", "href": "https://www.tenable.com/plugins/nessus/146949", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146949);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-27844\",\n \"CVE-2021-21159\",\n \"CVE-2021-21160\",\n \"CVE-2021-21161\",\n \"CVE-2021-21162\",\n \"CVE-2021-21163\",\n \"CVE-2021-21164\",\n \"CVE-2021-21165\",\n \"CVE-2021-21166\",\n \"CVE-2021-21167\",\n \"CVE-2021-21168\",\n \"CVE-2021-21169\",\n \"CVE-2021-21170\",\n \"CVE-2021-21171\",\n \"CVE-2021-21172\",\n \"CVE-2021-21173\",\n \"CVE-2021-21174\",\n \"CVE-2021-21175\",\n \"CVE-2021-21176\",\n \"CVE-2021-21177\",\n \"CVE-2021-21178\",\n \"CVE-2021-21179\",\n \"CVE-2021-21180\",\n \"CVE-2021-21181\",\n \"CVE-2021-21182\",\n \"CVE-2021-21183\",\n \"CVE-2021-21184\",\n \"CVE-2021-21185\",\n \"CVE-2021-21186\",\n \"CVE-2021-21187\",\n \"CVE-2021-21188\",\n \"CVE-2021-21189\",\n \"CVE-2021-21190\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0117-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Google Chrome < 89.0.4389.72 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 89.0.4389.72. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_03_stable-channel-update-for-desktop advisory. Note that Nessus has\nnot tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fc64b00e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1171049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1170531\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1173702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1172054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1111239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1164846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1174582\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1177465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1161144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1152226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1166138\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1111646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1152894\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1150810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1154250\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1158010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1146651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1170584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1173879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1174186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1174943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1175507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1177875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1182767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1049265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1105875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1131929\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1100748\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1153445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1155516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1161739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1165392\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1166091\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 89.0.4389.72 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27844\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21190\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'89.0.4389.72', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-01-11T14:46:13", "description": "Chrome Releases reports :\n\nThis release includes 47 security fixes, including the below. Google is aware of reports that an exploit for CVE-2021-21166 exists in the wild. Please see URL for details.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-05T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (f00b65d8-7ccb-11eb-b3be-e09467587c17)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27844", "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21164", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-21190"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_F00B65D87CCB11EBB3BEE09467587C17.NASL", "href": "https://www.tenable.com/plugins/nessus/147152", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147152);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-27844\",\n \"CVE-2021-21159\",\n \"CVE-2021-21160\",\n \"CVE-2021-21161\",\n \"CVE-2021-21162\",\n \"CVE-2021-21163\",\n \"CVE-2021-21164\",\n \"CVE-2021-21165\",\n \"CVE-2021-21166\",\n \"CVE-2021-21167\",\n \"CVE-2021-21168\",\n \"CVE-2021-21169\",\n \"CVE-2021-21170\",\n \"CVE-2021-21171\",\n \"CVE-2021-21172\",\n \"CVE-2021-21173\",\n \"CVE-2021-21174\",\n \"CVE-2021-21175\",\n \"CVE-2021-21176\",\n \"CVE-2021-21177\",\n \"CVE-2021-21178\",\n \"CVE-2021-21179\",\n \"CVE-2021-21180\",\n \"CVE-2021-21181\",\n \"CVE-2021-21182\",\n \"CVE-2021-21183\",\n \"CVE-2021-21184\",\n \"CVE-2021-21185\",\n \"CVE-2021-21186\",\n \"CVE-2021-21187\",\n \"CVE-2021-21188\",\n \"CVE-2021-21189\",\n \"CVE-2021-21190\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (f00b65d8-7ccb-11eb-b3be-e09467587c17)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Chrome Releases reports :\n\nThis release includes 47 security fixes, including the below. Google\nis aware of reports that an exploit for CVE-2021-21166 exists in the\nwild. Please see URL for details.\");\n # https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fc64b00e\");\n # https://vuxml.freebsd.org/freebsd/f00b65d8-7ccb-11eb-b3be-e09467587c17.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2b92bef2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27844\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21190\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<89.0.4389.72\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-01-11T14:47:09", "description": "The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-4740239e28 advisory.\n\n - Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21159, CVE-2021-21161)\n\n - Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21160)\n\n - Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21162)\n\n - Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server. (CVE-2021-21163)\n\n - Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-21164)\n\n - Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21165, CVE-2021-21166)\n\n - Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21167)\n\n - Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.\n (CVE-2021-21168)\n\n - Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-21169)\n\n - Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-21170)\n\n - Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-21171)\n\n - Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (CVE-2021-21172)\n\n - Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-21173)\n\n - Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-21174)\n\n - Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-21175)\n\n - Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-21176)\n\n - Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.\n (CVE-2021-21177)\n\n - Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-21178)\n\n - Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21179)\n\n - Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21180)\n\n - Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.\n (CVE-2021-21181)\n\n - Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (CVE-2021-21182)\n\n - Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-21183, CVE-2021-21184)\n\n - Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension. (CVE-2021-21185)\n\n - Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code.\n (CVE-2021-21186)\n\n - Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. (CVE-2021-21187)\n\n - Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21188)\n\n - Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-21189)\n\n - Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. (CVE-2021-21190)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-19T00:00:00", "type": "nessus", "title": "Fedora 33 : chromium (2021-4740239e28)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21164", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-21190"], "modified": "2022-01-18T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "p-cpe:/a:fedoraproject:fedora:chromium"], "id": "FEDORA_2021-4740239E28.NASL", "href": "https://www.tenable.com/plugins/nessus/148782", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-4740239e28\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148782);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/18\");\n\n script_cve_id(\n \"CVE-2021-21159\",\n \"CVE-2021-21160\",\n \"CVE-2021-21161\",\n \"CVE-2021-21162\",\n \"CVE-2021-21163\",\n \"CVE-2021-21164\",\n \"CVE-2021-21165\",\n \"CVE-2021-21166\",\n \"CVE-2021-21167\",\n \"CVE-2021-21168\",\n \"CVE-2021-21169\",\n \"CVE-2021-21170\",\n \"CVE-2021-21171\",\n \"CVE-2021-21172\",\n \"CVE-2021-21173\",\n \"CVE-2021-21174\",\n \"CVE-2021-21175\",\n \"CVE-2021-21176\",\n \"CVE-2021-21177\",\n \"CVE-2021-21178\",\n \"CVE-2021-21179\",\n \"CVE-2021-21180\",\n \"CVE-2021-21181\",\n \"CVE-2021-21182\",\n \"CVE-2021-21183\",\n \"CVE-2021-21184\",\n \"CVE-2021-21185\",\n \"CVE-2021-21186\",\n \"CVE-2021-21187\",\n \"CVE-2021-21188\",\n \"CVE-2021-21189\",\n \"CVE-2021-21190\"\n );\n script_xref(name:\"FEDORA\", value:\"2021-4740239e28\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Fedora 33 : chromium (2021-4740239e28)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-4740239e28 advisory.\n\n - Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21159, CVE-2021-21161)\n\n - Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21160)\n\n - Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-21162)\n\n - Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page and a malicious server. (CVE-2021-21163)\n\n - Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-21164)\n\n - Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit\n heap corruption via a crafted HTML page. (CVE-2021-21165, CVE-2021-21166)\n\n - Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21167)\n\n - Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote\n attacker to obtain potentially sensitive information from process memory via a crafted HTML page.\n (CVE-2021-21168)\n\n - Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-21169)\n\n - Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had\n compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-21170)\n\n - Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed\n a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-21171)\n\n - Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72\n allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (CVE-2021-21172)\n\n - Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-21173)\n\n - Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker\n to bypass navigation restrictions via a crafted HTML page. (CVE-2021-21174)\n\n - Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-21175)\n\n - Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote\n attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-21176)\n\n - Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote\n attacker to obtain potentially sensitive information from process memory via a crafted HTML page.\n (CVE-2021-21177)\n\n - Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72\n allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-21178)\n\n - Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21179)\n\n - Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21180)\n\n - Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote\n attacker to obtain potentially sensitive information from process memory via a crafted HTML page.\n (CVE-2021-21181)\n\n - Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote\n attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML\n page. (CVE-2021-21182)\n\n - Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-21183, CVE-2021-21184)\n\n - Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker\n who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome\n Extension. (CVE-2021-21185)\n\n - Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an\n attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code.\n (CVE-2021-21186)\n\n - Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote\n attacker to perform domain spoofing via IDN homographs via a crafted domain name. (CVE-2021-21187)\n\n - Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-21188)\n\n - Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote\n attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-21189)\n\n - Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain\n potentially sensitive information from process memory via a crafted PDF file. (CVE-2021-21190)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-4740239e28\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21190\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 33', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\npkgs = [\n {'reference':'chromium-89.0.4389.90-3.fc33', 'release':'FC33', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:45:48", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.45. It is, therefore, affected by multiple vulnerabilities as referenced in the March 4, 2021 advisory.\n\n - A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27844)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-08T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 89.0.774.45 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27844", "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21164", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-21190"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_89_0_774_45.NASL", "href": "https://www.tenable.com/plugins/nessus/147192", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147192);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-27844\",\n \"CVE-2021-21159\",\n \"CVE-2021-21160\",\n \"CVE-2021-21161\",\n \"CVE-2021-21162\",\n \"CVE-2021-21163\",\n \"CVE-2021-21164\",\n \"CVE-2021-21165\",\n \"CVE-2021-21166\",\n \"CVE-2021-21167\",\n \"CVE-2021-21168\",\n \"CVE-2021-21169\",\n \"CVE-2021-21170\",\n \"CVE-2021-21171\",\n \"CVE-2021-21172\",\n \"CVE-2021-21173\",\n \"CVE-2021-21174\",\n \"CVE-2021-21175\",\n \"CVE-2021-21176\",\n \"CVE-2021-21177\",\n \"CVE-2021-21178\",\n \"CVE-2021-21179\",\n \"CVE-2021-21180\",\n \"CVE-2021-21181\",\n \"CVE-2021-21182\",\n \"CVE-2021-21183\",\n \"CVE-2021-21184\",\n \"CVE-2021-21185\",\n \"CVE-2021-21186\",\n \"CVE-2021-21187\",\n \"CVE-2021-21188\",\n \"CVE-2021-21189\",\n \"CVE-2021-21190\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 89.0.774.45 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.45. It is, therefore, affected\nby multiple vulnerabilities as referenced in the March 4, 2021 advisory.\n\n - A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an\n attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds\n write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system\n availability. (CVE-2020-27844)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#march-4-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b2e30009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-27844\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21171\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21172\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21173\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21174\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21185\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21187\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21188\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21190\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 89.0.774.45 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27844\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21190\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '89.0.774.45' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-03-06T14:20:12", "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\n - CVE-2021-21148 Mattias Buelens discovered a buffer overflow issue in the v8 JavaScript library.\n\n - CVE-2021-21149 Ryoya Tsukasaki discovered a stack overflow issue in the Data Transfer implementation.\n\n - CVE-2021-21150 Woojin Oh discovered a use-after-free issue in the file downloader.\n\n - CVE-2021-21151 Khalil Zhani discovered a use-after-free issue in the payments system.\n\n - CVE-2021-21152 A buffer overflow was discovered in media handling.\n\n - CVE-2021-21153 Jan Ruge discovered a stack overflow issue in the GPU process.\n\n - CVE-2021-21154 Abdulrahman Alqabandi discovered a buffer overflow issue in the Tab Strip implementation.\n\n - CVE-2021-21155 Khalil Zhani discovered a buffer overflow issue in the Tab Strip implementation.\n\n - CVE-2021-21156 Sergei Glazunov discovered a buffer overflow issue in the v8 JavaScript library.\n\n - CVE-2021-21157 A use-after-free issue was discovered in the Web Sockets implementation.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-02-22T00:00:00", "type": "nessus", "title": "Debian DSA-4858-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4858.NASL", "href": "https://www.tenable.com/plugins/nessus/146757", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4858. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146757);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2021-21148\", \"CVE-2021-21149\", \"CVE-2021-21150\", \"CVE-2021-21151\", \"CVE-2021-21152\", \"CVE-2021-21153\", \"CVE-2021-21154\", \"CVE-2021-21155\", \"CVE-2021-21156\", \"CVE-2021-21157\");\n script_xref(name:\"DSA\", value:\"4858\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0007\");\n\n script_name(english:\"Debian DSA-4858-1 : chromium - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2021-21148\n Mattias Buelens discovered a buffer overflow issue in\n the v8 JavaScript library.\n\n - CVE-2021-21149\n Ryoya Tsukasaki discovered a stack overflow issue in the\n Data Transfer implementation.\n\n - CVE-2021-21150\n Woojin Oh discovered a use-after-free issue in the file\n downloader.\n\n - CVE-2021-21151\n Khalil Zhani discovered a use-after-free issue in the\n payments system.\n\n - CVE-2021-21152\n A buffer overflow was discovered in media handling.\n\n - CVE-2021-21153\n Jan Ruge discovered a stack overflow issue in the GPU\n process.\n\n - CVE-2021-21154\n Abdulrahman Alqabandi discovered a buffer overflow issue\n in the Tab Strip implementation.\n\n - CVE-2021-21155\n Khalil Zhani discovered a buffer overflow issue in the\n Tab Strip implementation.\n\n - CVE-2021-21156\n Sergei Glazunov discovered a buffer overflow issue in\n the v8 JavaScript library.\n\n - CVE-2021-21157\n A use-after-free issue was discovered in the Web Sockets\n implementation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21151\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021/dsa-4858\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 88.0.4324.182-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21157\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"chromium\", reference:\"88.0.4324.182-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-common\", reference:\"88.0.4324.182-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-driver\", reference:\"88.0.4324.182-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-l10n\", reference:\"88.0.4324.182-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-sandbox\", reference:\"88.0.4324.182-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-shell\", reference:\"88.0.4324.182-1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-06T14:22:41", "description": "This update for opera fixes the following issues :\n\n - Update to version 74.0.3911.203\n\n - CHR-8324 Update chromium on desktop-stable-88-3911 to 88.0.4324.182(boo#1182358)\n\n - DNA-90762 Replace &ldquo;Don&rsquo;t show again&rdquo;\n with &ldquo;Discard&rdquo;\n\n - DNA-90974 Crash at opera::PersistentRecentlyClosedWindows::GetEntryType(Ses sionID)\n\n - DNA-91289 [Search tabs] Wrong tab stays highlighted after removing another tab\n\n - DNA-91476 Invalid memory dereference PlayerServiceBrowsertest\n\n - DNA-91502 Change system name on opera://about page for MacOS\n\n - DNA-91740 Missing title in Extensions Toolbar Menu\n\n - The update to chromium 88.0.4324.182 fixes following issues: CVE-2021-21149, CVE-2021-21150, CVE-2021-21151, CVE-2021-21152, CVE-2021-21153, CVE-2021-21154, CVE-2021-21155, CVE-2021-21156, CVE-2021-21157\n\n - Update to version 74.0.3911.160\n\n - DNA-90409 Cleanup JavaScript dialogs: app modal & tab modal\n\n - DNA-90720 [Search Tabs] Allow discarding recently closed items\n\n - DNA-90802 [Windows] Debug fails on linking\n\n - DNA-91130 heap-use-after-free in CashbackBackendServiceTest.AutoUpdateSchedule\n\n - DNA-91152 Allow reading agent variables in trigger conditions\n\n - DNA-91225 [Search tabs] The webpage doesn&rsquo;t move from &ldquo;Open tabs&rdquo; to &ldquo;Recently closed&rdquo; section\n\n - DNA-91243 Add Rich Hint support for the cashback badge and popup\n\n - DNA-91483 component_unittests are timing out\n\n - DNA-91516 Sidebar setup opens only with cashback enabled\n\n - DNA-91601 No text in 1st line of address bar dropdown suggestions\n\n - DNA-91603 Jumbo build problem on desktop-stable-88-3911", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-20T00:00:00", "type": "nessus", "title": "openSUSE Security Update : opera (openSUSE-2021-413)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-413.NASL", "href": "https://www.tenable.com/plugins/nessus/148839", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-413.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148839);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2021-21148\",\n \"CVE-2021-21149\",\n \"CVE-2021-21150\",\n \"CVE-2021-21151\",\n \"CVE-2021-21152\",\n \"CVE-2021-21153\",\n \"CVE-2021-21154\",\n \"CVE-2021-21155\",\n \"CVE-2021-21156\",\n \"CVE-2021-21157\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0007\");\n\n script_name(english:\"openSUSE Security Update : opera (openSUSE-2021-413)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for opera fixes the following issues :\n\n - Update to version 74.0.3911.203\n\n - CHR-8324 Update chromium on desktop-stable-88-3911 to\n 88.0.4324.182(boo#1182358)\n\n - DNA-90762 Replace &ldquo;Don&rsquo;t show again&rdquo;\n with &ldquo;Discard&rdquo;\n\n - DNA-90974 Crash at\n opera::PersistentRecentlyClosedWindows::GetEntryType(Ses\n sionID)\n\n - DNA-91289 [Search tabs] Wrong tab stays highlighted\n after removing another tab\n\n - DNA-91476 Invalid memory dereference\n PlayerServiceBrowsertest\n\n - DNA-91502 Change system name on opera://about page for\n MacOS\n\n - DNA-91740 Missing title in Extensions Toolbar Menu\n\n - The update to chromium 88.0.4324.182 fixes following\n issues: CVE-2021-21149, CVE-2021-21150, CVE-2021-21151,\n CVE-2021-21152, CVE-2021-21153, CVE-2021-21154,\n CVE-2021-21155, CVE-2021-21156, CVE-2021-21157\n\n - Update to version 74.0.3911.160\n\n - DNA-90409 Cleanup JavaScript dialogs: app modal & tab\n modal\n\n - DNA-90720 [Search Tabs] Allow discarding recently closed\n items\n\n - DNA-90802 [Windows] Debug fails on linking\n\n - DNA-91130 heap-use-after-free in\n CashbackBackendServiceTest.AutoUpdateSchedule\n\n - DNA-91152 Allow reading agent variables in trigger\n conditions\n\n - DNA-91225 [Search tabs] The webpage doesn&rsquo;t move\n from &ldquo;Open tabs&rdquo; to &ldquo;Recently\n closed&rdquo; section\n\n - DNA-91243 Add Rich Hint support for the cashback badge\n and popup\n\n - DNA-91483 component_unittests are timing out\n\n - DNA-91516 Sidebar setup opens only with cashback enabled\n\n - DNA-91601 No text in 1st line of address bar dropdown\n suggestions\n\n - DNA-91603 Jumbo build problem on desktop-stable-88-3911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182358\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21157\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21155\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"opera-74.0.3911.203-lp152.2.37.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-06T14:20:29", "description": "The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-aa764a8531 advisory.\n\n - Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (CVE-2021-21149)\n\n - Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-21150)\n\n - Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21151)\n\n - Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21152)\n\n - Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-21153)\n\n - Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-21154)\n\n - Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21155)\n\n - Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. (CVE-2021-21156)\n\n - Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21157)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-03-01T00:00:00", "type": "nessus", "title": "Fedora 33 : chromium (2021-aa764a8531)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "p-cpe:/a:fedoraproject:fedora:chromium"], "id": "FEDORA_2021-AA764A8531.NASL", "href": "https://www.tenable.com/plugins/nessus/146909", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-aa764a8531\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146909);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2021-21149\",\n \"CVE-2021-21150\",\n \"CVE-2021-21151\",\n \"CVE-2021-21152\",\n \"CVE-2021-21153\",\n \"CVE-2021-21154\",\n \"CVE-2021-21155\",\n \"CVE-2021-21156\",\n \"CVE-2021-21157\"\n );\n script_xref(name:\"FEDORA\", value:\"2021-aa764a8531\");\n\n script_name(english:\"Fedora 33 : chromium (2021-aa764a8531)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-aa764a8531 advisory.\n\n - Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote\n attacker to perform out of bounds memory access via a crafted HTML page. (CVE-2021-21149)\n\n - Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker\n who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-21150)\n\n - Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to\n potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21151)\n\n - Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21152)\n\n - Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote\n attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-21153)\n\n - Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who\n had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-21154)\n\n - Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote\n attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted\n HTML page. (CVE-2021-21155)\n\n - Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to\n potentially exploit heap corruption via a crafted script. (CVE-2021-21156)\n\n - Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21157)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-aa764a8531\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21157\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21155\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 33', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\npkgs = [\n {'reference':'chromium-88.0.4324.182-1.fc33', 'release':'FC33', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-06T14:20:12", "description": "Chrome Releases reports :\n\nThis release contains 10 security fixes, including :\n\n- [1138143] High CVE-2021-21149: Stack overflow in Data Transfer.\nReported by Ryoya Tsukasaki on 2020-10-14\n\n- [1172192] High CVE-2021-21150: Use after free in Downloads. Reported by Woojin Oh(@pwn_exploit) of STEALIEN on 2021-01-29\n\n- [1165624] High CVE-2021-21151: Use after free in Payments. Reported by Khalil Zhani on 2021-01-12\n\n- [1166504] High CVE-2021-21152: Heap buffer overflow in Media.\nReported by Anonymous on 2021-01-14\n\n- [1155974] High CVE-2021-21153: Stack overflow in GPU Process.\nReported by Jan Ruge of ERNW GmbH on 2020-12-06\n\n- [1173269] High CVE-2021-21154: Heap buffer overflow in Tab Strip.\nReported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-01\n\n- [1175500] High CVE-2021-21155: Heap buffer overflow in Tab Strip.\nReported by Khalil Zhani on 2021-02-07\n\n- [1177341] High CVE-2021-21156: Heap buffer overflow in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-02-11\n\n- [1170657] Medium CVE-2021-21157: Use after free in Web Sockets.\nReported by Anonymous on 2021-01-26", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-02-18T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (48514901-711d-11eb-9846-e09467587c17)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_48514901711D11EB9846E09467587C17.NASL", "href": "https://www.tenable.com/plugins/nessus/146578", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146578);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2021-21149\",\n \"CVE-2021-21150\",\n \"CVE-2021-21151\",\n \"CVE-2021-21152\",\n \"CVE-2021-21153\",\n \"CVE-2021-21154\",\n \"CVE-2021-21155\",\n \"CVE-2021-21156\",\n \"CVE-2021-21157\"\n );\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (48514901-711d-11eb-9846-e09467587c17)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Chrome Releases reports :\n\nThis release contains 10 security fixes, including :\n\n- [1138143] High CVE-2021-21149: Stack overflow in Data Transfer.\nReported by Ryoya Tsukasaki on 2020-10-14\n\n- [1172192] High CVE-2021-21150: Use after free in Downloads. Reported\nby Woojin Oh(@pwn_exploit) of STEALIEN on 2021-01-29\n\n- [1165624] High CVE-2021-21151: Use after free in Payments. Reported\nby Khalil Zhani on 2021-01-12\n\n- [1166504] High CVE-2021-21152: Heap buffer overflow in Media.\nReported by Anonymous on 2021-01-14\n\n- [1155974] High CVE-2021-21153: Stack overflow in GPU Process.\nReported by Jan Ruge of ERNW GmbH on 2020-12-06\n\n- [1173269] High CVE-2021-21154: Heap buffer overflow in Tab Strip.\nReported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability\nResearch on 2021-02-01\n\n- [1175500] High CVE-2021-21155: Heap buffer overflow in Tab Strip.\nReported by Khalil Zhani on 2021-02-07\n\n- [1177341] High CVE-2021-21156: Heap buffer overflow in V8. Reported\nby Sergei Glazunov of Google Project Zero on 2021-02-11\n\n- [1170657] Medium CVE-2021-21157: Use after free in Web Sockets.\nReported by Anonymous on 2021-01-26\");\n # https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e2680b3b\");\n # https://vuxml.freebsd.org/freebsd/48514901-711d-11eb-9846-e09467587c17.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9624ed6a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21157\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21155\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<88.0.4324.182\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-06T14:20:11", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.74. It is, therefore, affected by multiple vulnerabilities as referenced in the February 17, 2021 advisory.\n\n - Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (CVE-2021-21149)\n\n - Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-21150)\n\n - Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21151)\n\n - Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21152)\n\n - Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-21153)\n\n - Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-21154)\n\n - Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21155)\n\n - Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. (CVE-2021-21156)\n\n - Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21157)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-02-19T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 88.0.705.74 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_88_0_705_74.NASL", "href": "https://www.tenable.com/plugins/nessus/146586", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146586);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2021-21149\",\n \"CVE-2021-21150\",\n \"CVE-2021-21151\",\n \"CVE-2021-21152\",\n \"CVE-2021-21153\",\n \"CVE-2021-21154\",\n \"CVE-2021-21155\",\n \"CVE-2021-21156\",\n \"CVE-2021-21157\"\n );\n\n script_name(english:\"Microsoft Edge (Chromium) < 88.0.705.74 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.74. It is, therefore, affected\nby multiple vulnerabilities as referenced in the February 17, 2021 advisory.\n\n - Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote\n attacker to perform out of bounds memory access via a crafted HTML page. (CVE-2021-21149)\n\n - Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker\n who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-21150)\n\n - Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to\n potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21151)\n\n - Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21152)\n\n - Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote\n attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-21153)\n\n - Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who\n had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-21154)\n\n - Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote\n attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted\n HTML page. (CVE-2021-21155)\n\n - Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to\n potentially exploit heap corruption via a crafted script. (CVE-2021-21156)\n\n - Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21157)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#february-17-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?18ef2264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21150\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21157\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 88.0.705.74 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21157\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21155\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '88.0.705.74' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-05T16:56:55", "description": "The version of Google Chrome installed on the remote Windows host is prior to 88.0.4324.182. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_02_stable-channel-update-for-desktop_16 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-02-16T00:00:00", "type": "nessus", "title": "Google Chrome < 88.0.4324.182 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_88_0_4324_182.NASL", "href": "https://www.tenable.com/plugins/nessus/146544", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146544);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2021-21149\",\n \"CVE-2021-21150\",\n \"CVE-2021-21151\",\n \"CVE-2021-21152\",\n \"CVE-2021-21153\",\n \"CVE-2021-21154\",\n \"CVE-2021-21155\",\n \"CVE-2021-21156\",\n \"CVE-2021-21157\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0100-S\");\n\n script_name(english:\"Google Chrome < 88.0.4324.182 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 88.0.4324.182. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_02_stable-channel-update-for-desktop_16 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e2680b3b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1138143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1172192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1165624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1166504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1155974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1173269\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1175500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1177341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1170657\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 88.0.4324.182 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21157\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21155\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'88.0.4324.182', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-06T14:20:11", "description": "The version of Google Chrome installed on the remote macOS host is prior to 88.0.4324.182. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_02_stable-channel-update-for-desktop_16 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-02-16T00:00:00", "type": "nessus", "title": "Google Chrome < 88.0.4324.182 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_88_0_4324_182.NASL", "href": "https://www.tenable.com/plugins/nessus/146543", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146543);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2021-21149\",\n \"CVE-2021-21150\",\n \"CVE-2021-21151\",\n \"CVE-2021-21152\",\n \"CVE-2021-21153\",\n \"CVE-2021-21154\",\n \"CVE-2021-21155\",\n \"CVE-2021-21156\",\n \"CVE-2021-21157\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0100-S\");\n\n script_name(english:\"Google Chrome < 88.0.4324.182 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 88.0.4324.182. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_02_stable-channel-update-for-desktop_16 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e2680b3b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1138143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1172192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1165624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1166504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1155974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1173269\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1175500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1177341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1170657\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 88.0.4324.182 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21157\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21155\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'88.0.4324.182', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:48:38", "description": "This update for opera fixes the following issues :\n\n - Opera was updated to version 75.0.3969.171 (boo#1184256) CVE-2021-21194, CVE-2021-21195, CVE-2021-21196, CVE-2021-21197, CVE-2021-21198, CVE-2021-21199, CVE-2021-21191, CVE-2021-21192, CVE-2021-21193", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-01T00:00:00", "type": "nessus", "title": "openSUSE Security Update : opera (openSUSE-2021-592)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21191", "CVE-2021-21192", "CVE-2021-21193", "CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199"], "modified": "2022-01-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-592.NASL", "href": "https://www.tenable.com/plugins/nessus/150114", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-592.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150114);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2021-21191\",\n \"CVE-2021-21192\",\n \"CVE-2021-21193\",\n \"CVE-2021-21194\",\n \"CVE-2021-21195\",\n \"CVE-2021-21196\",\n \"CVE-2021-21197\",\n \"CVE-2021-21198\",\n \"CVE-2021-21199\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE Security Update : opera (openSUSE-2021-592)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for opera fixes the following issues :\n\n - Opera was updated to version 75.0.3969.171 (boo#1184256)\n CVE-2021-21194, CVE-2021-21195, CVE-2021-21196,\n CVE-2021-21197, CVE-2021-21198, CVE-2021-21199,\n CVE-2021-21191, CVE-2021-21192, CVE-2021-21193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184256\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21199\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"opera-75.0.3969.171-lp152.2.40.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T15:03:12", "description": "This update for opera fixes the following issues :\n\nUpdate to version 76.0.4017.107\n\n - CHR-8413 Update chromium on desktop-stable-90-4017 to 90.0.4430.93\n\n - DNA-90168 Display SD suggestions titles\n\n - DNA-92693 &lsquo;Re-attach tab&rsquo; overlay is not resized with window\n\n - DNA-92926 [Mac][Cashback] &ldquo;Close Tab&rdquo; menu item not greyed out for Cashback corner\n\n - DNA-92934 Report crashes from opera://crashes and Tooltip to new Atlassian\n\n - DNA-92980 Enable tutorials flag on all streams\n\n - The update to chromium 90.0.4430.93 fixes following issues: CVE-2021-21227, CVE-2021-21232, CVE-2021-21233, CVE-2021-21228, CVE-2021-21229, CVE-2021-21230, CVE-2021-21231", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-01T00:00:00", "type": "nessus", "title": "openSUSE Security Update : opera (openSUSE-2021-729)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2021-06-03T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-729.NASL", "href": "https://www.tenable.com/plugins/nessus/150090", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-729.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150090);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/03\");\n\n script_cve_id(\"CVE-2021-21227\", \"CVE-2021-21228\", \"CVE-2021-21229\", \"CVE-2021-21230\", \"CVE-2021-21231\", \"CVE-2021-21232\", \"CVE-2021-21233\");\n\n script_name(english:\"openSUSE Security Update : opera (openSUSE-2021-729)\");\n script_summary(english:\"Check for the openSUSE-2021-729 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for opera fixes the following issues :\n\nUpdate to version 76.0.4017.107\n\n - CHR-8413 Update chromium on desktop-stable-90-4017 to\n 90.0.4430.93\n\n - DNA-90168 Display SD suggestions titles\n\n - DNA-92693 &lsquo;Re-attach tab&rsquo; overlay is not\n resized with window\n\n - DNA-92926 [Mac][Cashback] &ldquo;Close Tab&rdquo; menu\n item not greyed out for Cashback corner\n\n - DNA-92934 Report crashes from opera://crashes and\n Tooltip to new Atlassian\n\n - DNA-92980 Enable tutorials flag on all streams\n\n - The update to chromium 90.0.4430.93 fixes following\n issues: CVE-2021-21227, CVE-2021-21232, CVE-2021-21233,\n CVE-2021-21228, CVE-2021-21229, CVE-2021-21230,\n CVE-2021-21231\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"opera-76.0.4017.107-lp152.2.46.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T15:02:28", "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\n - CVE-2021-21227 Gengming Liu discovered a data validation issue in the v8 JavaScript library.\n\n - CVE-2021-21228 Rob Wu discovered a policy enforcement error.\n\n - CVE-2021-21229 Mohit Raj discovered a user interface error in the file downloader.\n\n - CVE-2021-21230 Manfred Paul discovered use of an incorrect type.\n\n - CVE-2021-21231 Sergei Glazunov discovered a data validation issue in the v8 JavaScript library.\n\n - CVE-2021-21232 Abdulrahman Alqabandi discovered a use-after-free issue in the developer tools.\n\n - CVE-2021-21233 Omair discovered a buffer overflow issue in the ANGLE library.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-04T00:00:00", "type": "nessus", "title": "Debian DSA-4911-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2021-05-07T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4911.NASL", "href": "https://www.tenable.com/plugins/nessus/149250", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4911. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149250);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/07\");\n\n script_cve_id(\"CVE-2021-21227\", \"CVE-2021-21228\", \"CVE-2021-21229\", \"CVE-2021-21230\", \"CVE-2021-21231\", \"CVE-2021-21232\", \"CVE-2021-21233\");\n script_xref(name:\"DSA\", value:\"4911\");\n\n script_name(english:\"Debian DSA-4911-1 : chromium - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2021-21227\n Gengming Liu discovered a data validation issue in the\n v8 JavaScript library.\n\n - CVE-2021-21228\n Rob Wu discovered a policy enforcement error.\n\n - CVE-2021-21229\n Mohit Raj discovered a user interface error in the file\n downloader.\n\n - CVE-2021-21230\n Manfred Paul discovered use of an incorrect type.\n\n - CVE-2021-21231\n Sergei Glazunov discovered a data validation issue in\n the v8 JavaScript library.\n\n - CVE-2021-21232\n Abdulrahman Alqabandi discovered a use-after-free issue\n in the developer tools.\n\n - CVE-2021-21233\n Omair discovered a buffer overflow issue in the ANGLE\n library.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21228\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21229\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21230\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021/dsa-4911\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 90.0.4430.93-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"chromium\", reference:\"90.0.4430.93-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-common\", reference:\"90.0.4430.93-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-driver\", reference:\"90.0.4430.93-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-l10n\", reference:\"90.0.4430.93-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-sandbox\", reference:\"90.0.4430.93-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-shell\", reference:\"90.0.4430.93-1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T15:01:55", "description": "The version of Google Chrome installed on the remote Windows host is prior to 90.0.4430.93. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop_26 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-26T00:00:00", "type": "nessus", "title": "Google Chrome < 90.0.4430.93 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_90_0_4430_93.NASL", "href": "https://www.tenable.com/plugins/nessus/148996", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148996);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2021-21227\",\n \"CVE-2021-21228\",\n \"CVE-2021-21229\",\n \"CVE-2021-21230\",\n \"CVE-2021-21231\",\n \"CVE-2021-21232\",\n \"CVE-2021-21233\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0201-S\");\n\n script_name(english:\"Google Chrome < 90.0.4430.93 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 90.0.4430.93. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop_26 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1841e4ee\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1199345\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1175058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1182937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1139156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1198165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1198705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1198696\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 90.0.4430.93 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'90.0.4430.93', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T15:01:12", "description": "The version of Google Chrome installed on the remote macOS host is prior to 90.0.4430.93. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop_26 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-26T00:00:00", "type": "nessus", "title": "Google Chrome < 90.0.4430.93 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2021-05-13T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_90_0_4430_93.NASL", "href": "https://www.tenable.com/plugins/nessus/148995", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148995);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/13\");\n\n script_cve_id(\n \"CVE-2021-21227\",\n \"CVE-2021-21228\",\n \"CVE-2021-21229\",\n \"CVE-2021-21230\",\n \"CVE-2021-21231\",\n \"CVE-2021-21232\",\n \"CVE-2021-21233\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0201-S\");\n\n script_name(english:\"Google Chrome < 90.0.4430.93 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 90.0.4430.93. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop_26 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1841e4ee\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1199345\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1175058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1182937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1139156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1198165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1198705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1198696\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 90.0.4430.93 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'90.0.4430.93', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T15:01:12", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.51. It is, therefore, affected by multiple vulnerabilities as referenced in the April 29, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-29T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 90.0.818.51 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2021-05-03T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_90_0_818_51.NASL", "href": "https://www.tenable.com/plugins/nessus/149090", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149090);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/03\");\n\n script_cve_id(\n \"CVE-2021-21227\",\n \"CVE-2021-21228\",\n \"CVE-2021-21229\",\n \"CVE-2021-21230\",\n \"CVE-2021-21231\",\n \"CVE-2021-21232\",\n \"CVE-2021-21233\"\n );\n\n script_name(english:\"Microsoft Edge (Chromium) < 90.0.818.51 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.51. It is, therefore, affected\nby multiple vulnerabilities as referenced in the April 29, 2021 advisory. Note that Nessus has not tested for this issue\nbut has instead relied only on the application's self-reported version number.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#april-29-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?82d8e204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21228\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21230\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21231\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21233\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 90.0.818.51 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '90.0.818.51' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T15:00:58", "description": "Chrome Releases reports :\n\nThis release contains 9 security fixes, including :\n\n- [1199345] High CVE-2021-21227: Insufficient data validation in V8.\nReported by Gengming Liu of Singular Security Lab on 2021-04-15\n\n- [1175058] High CVE-2021-21232: Use after free in Dev Tools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-05\n\n- [1182937] High CVE-2021-21233: Heap buffer overflow in ANGLE.\nReported by Omair on 2021-02-26\n\n- [1139156] Medium CVE-2021-21228: Insufficient policy enforcement in extensions. Reported by Rob Wu on 2020-10-16\n\n- [$TBD][1198165] Medium CVE-2021-21229: Incorrect security UI in downloads. Reported by Mohit Raj (shadow2639) on 2021-04-12\n\n- [1198705] Medium CVE-2021-21230: Type Confusion in V8. Reported by Manfred Paul on 2021-04-13\n\n- [1198696] Low CVE-2021-21231: Insufficient data validation in V8.\nReported by Sergei Glazunov of Google Project Zero on 2021-04-13", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-28T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (9fba80e0-a771-11eb-97a0-e09467587c17)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2021-05-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_9FBA80E0A77111EB97A0E09467587C17.NASL", "href": "https://www.tenable.com/plugins/nessus/149039", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149039);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/04\");\n\n script_cve_id(\"CVE-2021-21227\", \"CVE-2021-21228\", \"CVE-2021-21229\", \"CVE-2021-21230\", \"CVE-2021-21231\", \"CVE-2021-21232\", \"CVE-2021-21233\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (9fba80e0-a771-11eb-97a0-e09467587c17)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\nThis release contains 9 security fixes, including :\n\n- [1199345] High CVE-2021-21227: Insufficient data validation in V8.\nReported by Gengming Liu of Singular Security Lab on 2021-04-15\n\n- [1175058] High CVE-2021-21232: Use after free in Dev Tools. Reported\nby Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on\n2021-02-05\n\n- [1182937] High CVE-2021-21233: Heap buffer overflow in ANGLE.\nReported by Omair on 2021-02-26\n\n- [1139156] Medium CVE-2021-21228: Insufficient policy enforcement in\nextensions. Reported by Rob Wu on 2020-10-16\n\n- [$TBD][1198165] Medium CVE-2021-21229: Incorrect security UI in\ndownloads. Reported by Mohit Raj (shadow2639) on 2021-04-12\n\n- [1198705] Medium CVE-2021-21230: Type Confusion in V8. Reported by\nManfred Paul on 2021-04-13\n\n- [1198696] Low CVE-2021-21231: Insufficient data validation in V8.\nReported by Sergei Glazunov of Google Project Zero on 2021-04-13\"\n );\n # https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1841e4ee\"\n );\n # https://vuxml.freebsd.org/freebsd/9fba80e0-a771-11eb-97a0-e09467587c17.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58be15f1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21233\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<90.0.4430.93\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-12T15:08:29", "description": "The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-05afa65d39 advisory.\n\n - Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21142)\n\n - Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2021-21143)\n\n - Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2021-21144)\n\n - Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21145)\n\n - Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-21146)\n\n - Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-21147)\n\n - Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21148)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-02-10T00:00:00", "type": "nessus", "title": "Fedora 33 : chromium (2021-05afa65d39)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21148"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "p-cpe:/a:fedoraproject:fedora:chromium"], "id": "FEDORA_2021-05AFA65D39.NASL", "href": "https://www.tenable.com/plugins/nessus/146363", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-05afa65d39\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146363);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2021-21142\",\n \"CVE-2021-21143\",\n \"CVE-2021-21144\",\n \"CVE-2021-21145\",\n \"CVE-2021-21146\",\n \"CVE-2021-21147\",\n \"CVE-2021-21148\"\n );\n script_xref(name:\"FEDORA\", value:\"2021-05afa65d39\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0007\");\n\n script_name(english:\"Fedora 33 : chromium (2021-05afa65d39)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-05afa65d39 advisory.\n\n - Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to\n potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21142)\n\n - Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted\n Chrome Extension. (CVE-2021-21143)\n\n - Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted\n Chrome Extension. (CVE-2021-21144)\n\n - Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-21145)\n\n - Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-21146)\n\n - Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to\n spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-21147)\n\n - Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21148)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-05afa65d39\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21148\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21146\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 33', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\npkgs = [\n {'reference':'chromium-88.0.4324.150-1.fc33', 'release':'FC33', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-12T15:08:30", "description": "The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-7fb30b9381 advisory.\n\n - Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21142)\n\n - Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2021-21143)\n\n - Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2021-21144)\n\n - Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21145)\n\n - Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-21146)\n\n - Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-21147)\n\n - Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21148)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-02-17T00:00:00", "type": "nessus", "title": "Fedora 32 : chromium (2021-7fb30b9381)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21148"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "p-cpe:/a:fedoraproject:fedora:chromium"], "id": "FEDORA_2021-7FB30B9381.NASL", "href": "https://www.tenable.com/plugins/nessus/146559", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-7fb30b9381\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146559);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2021-21142\",\n \"CVE-2021-21143\",\n \"CVE-2021-21144\",\n \"CVE-2021-21145\",\n \"CVE-2021-21146\",\n \"CVE-2021-21147\",\n \"CVE-2021-21148\"\n );\n script_xref(name:\"FEDORA\", value:\"2021-7fb30b9381\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0007\");\n\n script_name(english:\"Fedora 32 : chromium (2021-7fb30b9381)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-7fb30b9381 advisory.\n\n - Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to\n potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21142)\n\n - Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted\n Chrome Extension. (CVE-2021-21143)\n\n - Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted\n Chrome Extension. (CVE-2021-21144)\n\n - Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-21145)\n\n - Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-21146)\n\n - Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to\n spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-21147)\n\n - Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21148)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-7fb30b9381\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21148\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21146\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 32', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\npkgs = [\n {'reference':'chromium-88.0.4324.150-1.fc32', 'release':'FC32', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:48:38", "description": "This update for opera fixes the following issues :\n\nUpdate to version 76.0.4017.94\n\n - released on the stable branch\n\nUpdate to version 76.0.4017.88\n\n - CHR-8404 Update chromium on desktop-stable-90-4017 to 90.0.4430.85\n\n - DNA-92219 Add bookmark API supports to the front-end\n\n - DNA-92409 [MAC] &lsquo;Present now&rsquo; options windows appear behind detached window\n\n - DNA-92615 Capture tab from the tab context menu\n\n - DNA-92616 Capture tab from Snapshot\n\n - DNA-92617 Capture tab from image context menu\n\n - DNA-92652 Opera 76 translations\n\n - DNA-92680 Make image selector on any page work like bookmarks popup WP2\n\n - DNA-92707 Crash at void base::ObserverList::AddObserver(class content::PrerenderHost::Observer*)\n\n - DNA-92710 Autoupdate on macOS 11.3 not working\n\n - DNA-92711 Make image selector on any page work like bookmarks popup WP3\n\n - DNA-92730 Make image selector on any page work like bookmarks popup WP4\n\n - DNA-92761 Make image selector on any page work like bookmarks popup WP5\n\n - DNA-92776 Make image selector on any page work like bookmarks popup WP6\n\n - DNA-92862 Make &ldquo;View pinboards&rdquo; button work\n\n - DNA-92906 Provide in-house translations for Cashback strings to Spanish\n\n - DNA-92908 API collides with oneclick installer\n\n - The update to chromium 90.0.4430.85 fixes following issues :\n\n - CVE-2021-21222, CVE-2021-21223, CVE-2021-21224, CVE-2021-21225, CVE-2021-21226\n\n - Complete Opera 76.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-76/\n\nUpdate to version 75.0.3969.218\n\n - CHR-8393 Update chromium on desktop-stable-89-3969 to 89.0.4389.128\n\n - DNA-92113 Windows debug fails to compile opera_components/ipfs/ipfs/ipfs_url_loader_throttle.obj\n\n - DNA-92198 [Arm] Update signing scripts\n\n - DNA-92200 [Arm] Create universal packages from two buildsets\n\n - DNA-92338 [Search tabs] The preview isn&rsquo;t updated when the tab from another window is closed\n\n - DNA-92410 [Download popup] Selected item still looks bad in dark mode\n\n - DNA-92441 Compilation error\n\n - DNA-92514 Allow to generate universal DMG package from existing universal .tar.xz\n\n - DNA-92608 Opera 75 crash during rapid workspace switching\n\n - DNA-92627 Crash at automation::Error::code()\n\n - DNA-92630 Crash at opera::PremiumExtensionPersistentPrefStorageImpl::IsPrem iumExtensionFeatureEnabled()\n\n - DNA-92648 Amazon icon disappears from Sidebar Extensions section after pressing Hide Amazon button\n\n - DNA-92681 Add missing string in Japanese\n\n - DNA-92684 Fix issues with signing multiple bsids\n\n - DNA-92706 Update repack generation from universal packages\n\n - DNA-92725 Enable IPFS for all channels\n\n - The update to chromium 89.0.4389.128 fixes following issues: CVE-2021-21206, CVE-2021-21220", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-06-01T00:00:00", "type": "nessus", "title": "openSUSE Security Update : opera (openSUSE-2021-712)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-712.NASL", "href": "https://www.tenable.com/plugins/nessus/150103", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-712.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150103);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2021-21206\", \"CVE-2021-21220\", \"CVE-2021-21222\", \"CVE-2021-21223\", \"CVE-2021-21224\", \"CVE-2021-21225\", \"CVE-2021-21226\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE Security Update : opera (openSUSE-2021-712)\");\n script_summary(english:\"Check for the openSUSE-2021-712 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for opera fixes the following issues :\n\nUpdate to version 76.0.4017.94\n\n - released on the stable branch\n\nUpdate to version 76.0.4017.88\n\n - CHR-8404 Update chromium on desktop-stable-90-4017 to\n 90.0.4430.85\n\n - DNA-92219 Add bookmark API supports to the front-end\n\n - DNA-92409 [MAC] &lsquo;Present now&rsquo; options\n windows appear behind detached window\n\n - DNA-92615 Capture tab from the tab context menu\n\n - DNA-92616 Capture tab from Snapshot\n\n - DNA-92617 Capture tab from image context menu\n\n - DNA-92652 Opera 76 translations\n\n - DNA-92680 Make image selector on any page work like\n bookmarks popup WP2\n\n - DNA-92707 Crash at void\n base::ObserverList::AddObserver(class\n content::PrerenderHost::Observer*)\n\n - DNA-92710 Autoupdate on macOS 11.3 not working\n\n - DNA-92711 Make image selector on any page work like\n bookmarks popup WP3\n\n - DNA-92730 Make image selector on any page work like\n bookmarks popup WP4\n\n - DNA-92761 Make image selector on any page work like\n bookmarks popup WP5\n\n - DNA-92776 Make image selector on any page work like\n bookmarks popup WP6\n\n - DNA-92862 Make &ldquo;View pinboards&rdquo; button work\n\n - DNA-92906 Provide in-house translations for Cashback\n strings to Spanish\n\n - DNA-92908 API collides with oneclick installer\n\n - The update to chromium 90.0.4430.85 fixes following\n issues :\n\n - CVE-2021-21222, CVE-2021-21223, CVE-2021-21224,\n CVE-2021-21225, CVE-2021-21226\n\n - Complete Opera 76.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-76/\n\nUpdate to version 75.0.3969.218\n\n - CHR-8393 Update chromium on desktop-stable-89-3969 to\n 89.0.4389.128\n\n - DNA-92113 Windows debug fails to compile\n opera_components/ipfs/ipfs/ipfs_url_loader_throttle.obj\n\n - DNA-92198 [Arm] Update signing scripts\n\n - DNA-92200 [Arm] Create universal packages from two\n buildsets\n\n - DNA-92338 [Search tabs] The preview isn&rsquo;t updated\n when the tab from another window is closed\n\n - DNA-92410 [Download popup] Selected item still looks bad\n in dark mode\n\n - DNA-92441 Compilation error\n\n - DNA-92514 Allow to generate universal DMG package from\n existing universal .tar.xz\n\n - DNA-92608 Opera 75 crash during rapid workspace\n switching\n\n - DNA-92627 Crash at automation::Error::code()\n\n - DNA-92630 Crash at\n opera::PremiumExtensionPersistentPrefStorageImpl::IsPrem\n iumExtensionFeatureEnabled()\n\n - DNA-92648 Amazon icon disappears from Sidebar Extensions\n section after pressing Hide Amazon button\n\n - DNA-92681 Add missing string in Japanese\n\n - DNA-92684 Fix issues with signing multiple bsids\n\n - DNA-92706 Update repack generation from universal\n packages\n\n - DNA-92725 Enable IPFS for all channels\n\n - The update to chromium 89.0.4389.128 fixes following\n issues: CVE-2021-21206, CVE-2021-21220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.opera.com/desktop/changelog-for-76/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"opera-76.0.4017.94-lp152.2.43.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T15:00:38", "description": "The version of Google Chrome installed on the remote Windows host is prior to 89.0.4389.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_03_stable-channel-update-for-desktop_30 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-30T00:00:00", "type": "nessus", "title": "Google Chrome < 89.0.4389.114 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_89_0_4389_114.NASL", "href": "https://www.tenable.com/plugins/nessus/148243", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148243);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2021-21194\",\n \"CVE-2021-21195\",\n \"CVE-2021-21196\",\n \"CVE-2021-21197\",\n \"CVE-2021-21198\",\n \"CVE-2021-21199\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0152-S\");\n\n script_name(english:\"Google Chrome < 89.0.4389.114 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 89.0.4389.114. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_03_stable-channel-update-for-desktop_30 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?af24d3f9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1181228\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1182647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1175992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1173903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1184399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1179635\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 89.0.4389.114 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21199\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'89.0.4389.114', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T14:59:54", "description": "The version of Google Chrome installed on the remote macOS host is prior to 89.0.4389.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_03_stable-channel-update-for-desktop_30 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-30T00:00:00", "type": "nessus", "title": "Google Chrome < 89.0.4389.114 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199"], "modified": "2021-06-07T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_89_0_4389_114.NASL", "href": "https://www.tenable.com/plugins/nessus/148242", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148242);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/07\");\n\n script_cve_id(\n \"CVE-2021-21194\",\n \"CVE-2021-21195\",\n \"CVE-2021-21196\",\n \"CVE-2021-21197\",\n \"CVE-2021-21198\",\n \"CVE-2021-21199\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0152-S\");\n\n script_name(english:\"Google Chrome < 89.0.4389.114 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 89.0.4389.114. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_03_stable-channel-update-for-desktop_30 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?af24d3f9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1181228\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1182647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1175992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1173903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1184399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1179635\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 89.0.4389.114 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21199\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'89.0.4389.114', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T15:01:41", "description": "This update for chromium fixes the following issues :\n\nUpdate to 89.0.4389.114 boo#1184256\n\n - CVE-2021-21194: Use after free in screen capture\n\n - CVE-2021-21195: Use after free in V8\n\n - CVE-2021-21196: Heap buffer overflow in TabStrip\n\n - CVE-2021-21197: Heap buffer overflow in TabStrip\n\n - CVE-2021-21198: Out of bounds read in IPC\n\n - CVE-2021-21199: Use Use after free in Aura", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-06T00:00:00", "type": "nessus", "title": "openSUSE Security Update : chromium (openSUSE-2021-513)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199"], "modified": "2021-06-08T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-513.NASL", "href": "https://www.tenable.com/plugins/nessus/148324", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-513.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148324);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/08\");\n\n script_cve_id(\"CVE-2021-21194\", \"CVE-2021-21195\", \"CVE-2021-21196\", \"CVE-2021-21197\", \"CVE-2021-21198\", \"CVE-2021-21199\");\n script_xref(name:\"IAVA\", value:\"2021-A-0152-S\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2021-513)\");\n script_summary(english:\"Check for the openSUSE-2021-513 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for chromium fixes the following issues :\n\nUpdate to 89.0.4389.114 boo#1184256\n\n - CVE-2021-21194: Use after free in screen capture\n\n - CVE-2021-21195: Use after free in V8\n\n - CVE-2021-21196: Heap buffer overflow in TabStrip\n\n - CVE-2021-21197: Heap buffer overflow in TabStrip\n\n - CVE-2021-21198: Out of bounds read in IPC\n\n - CVE-2021-21199: Use Use after free in Aura\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184256\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21199\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-89.0.4389.114-lp152.2.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-debuginfo-89.0.4389.114-lp152.2.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-89.0.4389.114-lp152.2.83.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-debuginfo-89.0.4389.114-lp152.2.83.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T15:01:27", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.68. It is, therefore, affected by multiple vulnerabilities as referenced in the April 1, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-02T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 89.0.774.68 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199"], "modified": "2021-06-07T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_89_0_774_68.NASL", "href": "https://www.tenable.com/plugins/nessus/148298", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148298);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/07\");\n\n script_cve_id(\n \"CVE-2021-21194\",\n \"CVE-2021-21195\",\n \"CVE-2021-21196\",\n \"CVE-2021-21197\",\n \"CVE-2021-21198\",\n \"CVE-2021-21199\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0152-S\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 89.0.774.68 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.68. It is, therefore, affected\nby multiple vulnerabilities as referenced in the April 1, 2021 advisory. Note that Nessus has not tested for this issue\nbut has instead relied only on the application's self-reported version number.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#april-1-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d3ce740a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21195\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21199\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 89.0.774.68 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21199\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '89.0.774.68' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T15:01:39", "description": "Chrome Releases reports :\n\nThis update contains 8 security fixes, including :\n\n- [1181228] High CVE-2021-21194: Use after free in screen capture.\nReported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-02-23\n\n- [1182647] High CVE-2021-21195: Use after free in V8. Reported by Bohan Liu (@P4nda20371774) and Moon Liang of Tencent Security Xuanwu Lab on 2021-02-26\n\n- [1175992] High CVE-2021-21196: Heap buffer overflow in TabStrip.\nReported by Khalil Zhani on 2021-02-08\n\n- [1173903] High CVE-2021-21197: Heap buffer overflow in TabStrip.\nReported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-03\n\n- [1184399] High CVE-2021-21198: Out of bounds read in IPC. Reported by Mark Brand of Google Project Zero on 2021-03-03\n\n- [1179635] High CVE-2021-21199: Use Use after free in Aura. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group and Evangelos Foutras", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (bddadaa4-9227-11eb-99c5-e09467587c17)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199"], "modified": "2021-06-08T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_BDDADAA4922711EB99C5E09467587C17.NASL", "href": "https://www.tenable.com/plugins/nessus/148505", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148505);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/08\");\n\n script_cve_id(\"CVE-2021-21194\", \"CVE-2021-21195\", \"CVE-2021-21196\", \"CVE-2021-21197\", \"CVE-2021-21198\", \"CVE-2021-21199\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (bddadaa4-9227-11eb-99c5-e09467587c17)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\nThis update contains 8 security fixes, including :\n\n- [1181228] High CVE-2021-21194: Use after free in screen capture.\nReported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-02-23\n\n- [1182647] High CVE-2021-21195: Use after free in V8. Reported by\nBohan Liu (@P4nda20371774) and Moon Liang of Tencent Security Xuanwu\nLab on 2021-02-26\n\n- [1175992] High CVE-2021-21196: Heap buffer overflow in TabStrip.\nReported by Khalil Zhani on 2021-02-08\n\n- [1173903] High CVE-2021-21197: Heap buffer overflow in TabStrip.\nReported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability\nResearch on 2021-02-03\n\n- [1184399] High CVE-2021-21198: Out of bounds read in IPC. Reported\nby Mark Brand of Google Project Zero on 2021-03-03\n\n- [1179635] High CVE-2021-21199: Use Use after free in Aura. Reported\nby Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin\nGroup and Evangelos Foutras\"\n );\n # https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?af24d3f9\"\n );\n # https://vuxml.freebsd.org/freebsd/bddadaa4-9227-11eb-99c5-e09467587c17.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?19558db9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<89.0.4389.114\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-12T15:09:38", "description": "The version of Google Chrome installed on the remote Windows host is prior to 88.0.4324.146. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_02_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-02-02T00:00:00", "type": "nessus", "title": "Google Chrome < 88.0.4324.146 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_88_0_4324_146.NASL", "href": "https://www.tenable.com/plugins/nessus/146060", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146060);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2021-21142\",\n \"CVE-2021-21143\",\n \"CVE-2021-21144\",\n \"CVE-2021-21145\",\n \"CVE-2021-21146\",\n \"CVE-2021-21147\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0059-S\");\n\n script_name(english:\"Google Chrome < 88.0.4324.146 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 88.0.4324.146. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_02_stable-channel-update-for-desktop advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a97ab3be\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1169317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1163504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1163845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1154965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1161705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1162942\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 88.0.4324.146 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21146\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'88.0.4324.146', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-12T15:09:13", "description": "The version of Google Chrome installed on the remote macOS host is prior to 88.0.4324.146. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_02_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-02-02T00:00:00", "type": "nessus", "title": "Google Chrome < 88.0.4324.146 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147"], "modified": "2021-02-17T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_88_0_4324_146.NASL", "href": "https://www.tenable.com/plugins/nessus/146061", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146061);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/17\");\n\n script_cve_id(\n \"CVE-2021-21142\",\n \"CVE-2021-21143\",\n \"CVE-2021-21144\",\n \"CVE-2021-21145\",\n \"CVE-2021-21146\",\n \"CVE-2021-21147\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0059-S\");\n\n script_name(english:\"Google Chrome < 88.0.4324.146 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 88.0.4324.146. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_02_stable-channel-update-for-desktop advisory. Note that Nessus has\nnot tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a97ab3be\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1169317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1163504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1163845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1154965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1161705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1162942\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 88.0.4324.146 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21146\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'88.0.4324.146', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-12T15:08:52", "description": "This update for chromium fixes the following issues :\n\n - Update to 88.0.4324.146 boo#1181772\n\n - CVE-2021-21142: Use after free in Payments\n\n - CVE-2021-21143: Heap buffer overflow in Extensions\n\n - CVE-2021-21144: Heap buffer overflow in Tab Groups.\n\n - CVE-2021-21145: Use after free in Fonts\n\n - CVE-2021-21146: Use after free in Navigation.\n\n - CVE-2021-21147: Inappropriate implementation in Skia", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-02-09T00:00:00", "type": "nessus", "title": "openSUSE Security Update : chromium (openSUSE-2021-259)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147"], "modified": "2021-02-16T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-259.NASL", "href": "https://www.tenable.com/plugins/nessus/146320", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-259.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146320);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/16\");\n\n script_cve_id(\"CVE-2021-21142\", \"CVE-2021-21143\", \"CVE-2021-21144\", \"CVE-2021-21145\", \"CVE-2021-21146\", \"CVE-2021-21147\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2021-259)\");\n script_summary(english:\"Check for the openSUSE-2021-259 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for chromium fixes the following issues :\n\n - Update to 88.0.4324.146 boo#1181772\n\n - CVE-2021-21142: Use after free in Payments\n\n - CVE-2021-21143: Heap buffer overflow in Extensions\n\n - CVE-2021-21144: Heap buffer overflow in Tab Groups.\n\n - CVE-2021-21145: Use after free in Fonts\n\n - CVE-2021-21146: Use after free in Navigation.\n\n - CVE-2021-21147: Inappropriate implementation in Skia\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181772\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21146\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-88.0.4324.146-lp152.2.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-debuginfo-88.0.4324.146-lp152.2.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-88.0.4324.146-lp152.2.69.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-debuginfo-88.0.4324.146-lp152.2.69.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-12T15:08:53", "description": "Chrome Releases reports :\n\nThis update include 6 security fixes :\n\n- 1169317] Critical CVE-2021-21142: Use after free in Payments.\nReported by Khalil Zhani on 2021-01-21\n\n- [1163504] High CVE-2021-21143: Heap buffer overflow in Extensions.\nReported by Allen Parker and Alex Morgan of MU on 2021-01-06\n\n- [1163845] High CVE-2021-21144: Heap buffer overflow in Tab Groups.\nReported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-01-07\n\n- [1154965] High CVE-2021-21145: Use after free in Fonts. Reported by Anonymous on 2020-12-03\n\n- [1161705] High CVE-2021-21146: Use after free in Navigation.\nReported by Alison Huffman and Choongwoo Han of Microsoft Browser Vulnerability Research on 2020-12-24\n\n- [1162942] Medium CVE-2021-21147: Inappropriate implementation in Skia. Reported by Roman Starkov on 2021-01-04", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-02-04T00:00:00", "type": "nessus", "title": "FreeBSD : www/chromium -- multiple vulnerabilities (479fdfda-6659-11eb-83e2-e09467587c17)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147"], "modified": "2021-02-16T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_479FDFDA665911EB83E2E09467587C17.NASL", "href": "https://www.tenable.com/plugins/nessus/146166", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146166);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/16\");\n\n script_cve_id(\"CVE-2021-21142\", \"CVE-2021-21143\", \"CVE-2021-21144\", \"CVE-2021-21145\", \"CVE-2021-21146\", \"CVE-2021-21147\");\n\n script_name(english:\"FreeBSD : www/chromium -- multiple vulnerabilities (479fdfda-6659-11eb-83e2-e09467587c17)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\nThis update include 6 security fixes :\n\n- 1169317] Critical CVE-2021-21142: Use after free in Payments.\nReported by Khalil Zhani on 2021-01-21\n\n- [1163504] High CVE-2021-21143: Heap buffer overflow in Extensions.\nReported by Allen Parker and Alex Morgan of MU on 2021-01-06\n\n- [1163845] High CVE-2021-21144: Heap buffer overflow in Tab Groups.\nReported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-01-07\n\n- [1154965] High CVE-2021-21145: Use after free in Fonts. Reported by\nAnonymous on 2020-12-03\n\n- [1161705] High CVE-2021-21146: Use after free in Navigation.\nReported by Alison Huffman and Choongwoo Han of Microsoft Browser\nVulnerability Research on 2020-12-24\n\n- [1162942] Medium CVE-2021-21147: Inappropriate implementation in\nSkia. Reported by Roman Starkov on 2021-01-04\"\n );\n # https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a97ab3be\"\n );\n # https://vuxml.freebsd.org/freebsd/479fdfda-6659-11eb-83e2-e09467587c17.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b829c53c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21146\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<88.0.4324.146\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:47:35", "description": "The version of Google Chrome installed on the remote Windows host is prior to 90.0.4430.85. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop_20 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-20T00:00:00", "type": "nessus", "title": "Google Chrome < 90.0.4430.85 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_90_0_4430_85.NASL", "href": "https://www.tenable.com/plugins/nessus/148848", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148848);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2021-21222\",\n \"CVE-2021-21223\",\n \"CVE-2021-21224\",\n \"CVE-2021-21225\",\n \"CVE-2021-21226\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0187-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Google Chrome < 90.0.4430.85 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 90.0.4430.85. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop_20 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?70d7f7db\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1194046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1197904\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 90.0.4430.85 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'90.0.4430.85', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:46:28", "description": "The version of Google Chrome installed on the remote macOS host is prior to 90.0.4430.85. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop_20 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-20T00:00:00", "type": "nessus", "title": "Google Chrome < 90.0.4430.85 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_90_0_4430_85.NASL", "href": "https://www.tenable.com/plugins/nessus/148849", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148849);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2021-21222\",\n \"CVE-2021-21223\",\n \"CVE-2021-21224\",\n \"CVE-2021-21225\",\n \"CVE-2021-21226\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0187-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Google Chrome < 90.0.4430.85 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 90.0.4430.85. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop_20 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?70d7f7db\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1194046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1197904\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 90.0.4430.85 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'90.0.4430.85', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:47:37", "description": "Chrome Reelases reports :\n\nThis release includes 7 security fixes, including :\n\n- 1194046] High CVE-2021-21222: Heap buffer overflow in V8. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-03-30\n\n- [1195308] High CVE-2021-21223: Integer overflow in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-04-02\n\n- [1195777] High CVE-2021-21224: Type Confusion in V8. Reported by Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-05\n\n- [1195977] High CVE-2021-21225: Out of bounds memory access in V8.\nReported by Brendon Tiszka (@btiszka) supporting the EFF on 2021-04-05\n\n- [1197904] High CVE-2021-21226: Use after free in navigation.\nReported by Brendon Tiszka (@btiszka) supporting the EFF on 2021-04-11", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-22T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (cb13a765-a277-11eb-97a0-e09467587c17)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_CB13A765A27711EB97A0E09467587C17.NASL", "href": "https://www.tenable.com/plugins/nessus/148931", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148931);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2021-21222\", \"CVE-2021-21223\", \"CVE-2021-21224\", \"CVE-2021-21225\", \"CVE-2021-21226\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (cb13a765-a277-11eb-97a0-e09467587c17)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Reelases reports :\n\nThis release includes 7 security fixes, including :\n\n- 1194046] High CVE-2021-21222: Heap buffer overflow in V8. Reported\nby Guang Gong of Alpha Lab, Qihoo 360 on 2021-03-30\n\n- [1195308] High CVE-2021-21223: Integer overflow in Mojo. Reported by\nGuang Gong of Alpha Lab, Qihoo 360 on 2021-04-02\n\n- [1195777] High CVE-2021-21224: Type Confusion in V8. Reported by\nJose Martinez (tr0y4) from VerSprite Inc. on 2021-04-05\n\n- [1195977] High CVE-2021-21225: Out of bounds memory access in V8.\nReported by Brendon Tiszka (@btiszka) supporting the EFF on 2021-04-05\n\n- [1197904] High CVE-2021-21226: Use after free in navigation.\nReported by Brendon Tiszka (@btiszka) supporting the EFF on 2021-04-11\"\n );\n # https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?70d7f7db\"\n );\n # https://vuxml.freebsd.org/freebsd/cb13a765-a277-11eb-97a0-e09467587c17.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?be54099d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21226\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<90.0.4430.85\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:46:48", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.46. It is, therefore, affected by multiple vulnerabilities as referenced in the April 22, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-22T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 90.0.818.46 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_90_0_818_46.NASL", "href": "https://www.tenable.com/plugins/nessus/148939", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148939);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2021-21222\",\n \"CVE-2021-21223\",\n \"CVE-2021-21224\",\n \"CVE-2021-21225\",\n \"CVE-2021-21226\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 90.0.818.46 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.46. It is, therefore, affected\nby multiple vulnerabilities as referenced in the April 22, 2021 advisory. Note that Nessus has not tested for this issue\nbut has instead relied only on the application's self-reported version number.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#april-22-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0027f192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21226\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 90.0.818.46 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '90.0.818.46' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-12T15:09:14", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.62. It is, therefore, affected by multiple vulnerabilities as referenced in the February 4, 2021 advisory.\n\n - Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21142)\n\n - Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2021-21143)\n\n - Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2021-21144)\n\n - Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21145)\n\n - Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-21146)\n\n - Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-21147)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-02-10T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 88.0.705.62 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-24113"], "modified": "2021-02-12T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_88_0_705_62.NASL", "href": "https://www.tenable.com/plugins/nessus/146207", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146207);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/12\");\n\n script_cve_id(\n \"CVE-2021-21142\",\n \"CVE-2021-21143\",\n \"CVE-2021-21144\",\n \"CVE-2021-21145\",\n \"CVE-2021-21146\",\n \"CVE-2021-21147\",\n \"CVE-2021-24113\"\n );\n\n script_name(english:\"Microsoft Edge (Chromium) < 88.0.705.62 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.62. It is, therefore, affected\nby multiple vulnerabilities as referenced in the February 4, 2021 advisory.\n\n - Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to\n potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21142)\n\n - Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted\n Chrome Extension. (CVE-2021-21143)\n\n - Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted\n Chrome Extension. (CVE-2021-21144)\n\n - Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-21145)\n\n - Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-21146)\n\n - Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to\n spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-21147)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#february-4-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f6e795b0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21146\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21147\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24113\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 88.0.705.62 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21146\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '88.0.705.62' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:46:06", "description": "This update for chromium fixes the following issues :\n\n - Chromium was updated to 89.0.4389.90 (boo#1183515)\n\n - CVE-2021-21191: Use after free in WebRTC.\n\n - CVE-2021-21192: Heap buffer overflow in tab groups.\n\n - CVE-2021-21193: Use after free in Blink.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-22T00:00:00", "type": "nessus", "title": "openSUSE Security Update : chromium (openSUSE-2021-436)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21191", "CVE-2021-21192", "CVE-2021-21193"], "modified": "2022-01-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-436.NASL", "href": "https://www.tenable.com/plugins/nessus/147929", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-436.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147929);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/25\");\n\n script_cve_id(\"CVE-2021-21191\", \"CVE-2021-21192\", \"CVE-2021-21193\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2021-436)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for chromium fixes the following issues :\n\n - Chromium was updated to 89.0.4389.90 (boo#1183515)\n\n - CVE-2021-21191: Use after free in WebRTC.\n\n - CVE-2021-21192: Heap buffer overflow in tab groups.\n\n - CVE-2021-21193: Use after free in Blink.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183515\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21193\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-89.0.4389.90-lp152.2.80.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-debuginfo-89.0.4389.90-lp152.2.80.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-89.0.4389.90-lp152.2.80.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-debuginfo-89.0.4389.90-lp152.2.80.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:46:32", "description": "The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-141d8640ce advisory.\n\n - Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21191)\n\n - Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21192)\n\n - Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21193)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-19T00:00:00", "type": "nessus", "title": "Fedora 32 : chromium (2021-141d8640ce)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21191", "CVE-2021-21192", "CVE-2021-21193"], "modified": "2022-01-18T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "p-cpe:/a:fedoraproject:fedora:chromium"], "id": "FEDORA_2021-141D8640CE.NASL", "href": "https://www.tenable.com/plugins/nessus/148793", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-141d8640ce\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148793);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/18\");\n\n script_cve_id(\"CVE-2021-21191\", \"CVE-2021-21192\", \"CVE-2021-21193\");\n script_xref(name:\"FEDORA\", value:\"2021-141d8640ce\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Fedora 32 : chromium (2021-141d8640ce)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-141d8640ce advisory.\n\n - Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-21191)\n\n - Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21192)\n\n - Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-21193)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-141d8640ce\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21193\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 32', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\npkgs = [\n {'reference':'chromium-89.0.4389.90-3.fc32', 'release':'FC32', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:45:07", "description": "The version of Google Chrome installed on the remote Windows host is prior to 89.0.4389.90. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_03_stable-channel-update-for-desktop_12 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-12T00:00:00", "type": "nessus", "title": "Google Chrome < 89.0.4389.90 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21191", "CVE-2021-21192", "CVE-2021-21193"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_89_0_4389_90.NASL", "href": "https://www.tenable.com/plugins/nessus/147754", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147754);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2021-21191\", \"CVE-2021-21192\", \"CVE-2021-21193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0139-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Google Chrome < 89.0.4389.90 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 89.0.4389.90. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_03_stable-channel-update-for-desktop_12 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e129313f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1167357\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1181387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1186287\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 89.0.4389.90 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21193\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'89.0.4389.90', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:44:14", "description": "The version of Google Chrome installed on the remote macOS host is prior to 89.0.4389.90. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_03_stable-channel-update-for-desktop_12 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-12T00:00:00", "type": "nessus", "title": "Google Chrome < 89.0.4389.90 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21191", "CVE-2021-21192", "CVE-2021-21193"], "modified": "2022-01-21T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_89_0_4389_90.NASL", "href": "https://www.tenable.com/plugins/nessus/147755", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147755);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/21\");\n\n script_cve_id(\"CVE-2021-21191\", \"CVE-2021-21192\", \"CVE-2021-21193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0139-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Google Chrome < 89.0.4389.90 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 89.0.4389.90. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_03_stable-channel-update-for-desktop_12 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e129313f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1167357\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1181387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1186287\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 89.0.4389.90 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21193\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'89.0.4389.90', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:44:45", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.54. It is, therefore, affected by multiple vulnerabilities as referenced in the March 15, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-16T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 89.0.774.54 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21191", "CVE-2021-21192", "CVE-2021-21193"], "modified": "2022-01-21T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_89_0_774_54.NASL", "href": "https://www.tenable.com/plugins/nessus/147812", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147812);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/21\");\n\n script_cve_id(\"CVE-2021-21191\", \"CVE-2021-21192\", \"CVE-2021-21193\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 89.0.774.54 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.54. It is, therefore, affected\nby multiple vulnerabilities as referenced in the March 15, 2021 advisory. Note that Nessus has not tested for this issue\nbut has instead relied only on the application's self-reported version number.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#march-15-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5072e34e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21193\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 89.0.774.54 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21193\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '89.0.774.54' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:46:50", "description": "This update for chromium fixes the following issues :\n\n - Chromium 89.0.4389.128 (boo#1184700) :\n\n - CVE-2021-21206: Use after free in blink\n\n - CVE-2021-21220: Insufficient validation of untrusted input in v8 for x86_64", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-19T00:00:00", "type": "nessus", "title": "openSUSE Security Update : chromium (openSUSE-2021-567)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21206", "CVE-2021-21220"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-567.NASL", "href": "https://www.tenable.com/plugins/nessus/148746", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-567.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148746);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2021-21206\", \"CVE-2021-21220\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2021-567)\");\n script_summary(english:\"Check for the openSUSE-2021-567 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for chromium fixes the following issues :\n\n - Chromium 89.0.4389.128 (boo#1184700) :\n\n - CVE-2021-21206: Use after free in blink\n\n - CVE-2021-21220: Insufficient validation of untrusted\n input in v8 for x86_64\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184700\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21220\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-89.0.4389.128-lp152.2.86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-debuginfo-89.0.4389.128-lp152.2.86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-89.0.4389.128-lp152.2.86.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-debuginfo-89.0.4389.128-lp152.2.86.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:46:29", "description": "Chrome Releases reports :\n\nThis release contains two security fixes :\n\n- [1196781] High CVE-2021-21206: Use after free in Blink. Reported by Anonymous on 2021-04-07\n\n- [1196683] High CVE-2021-21220: Insufficient validation of untrusted input in V8 for x86_64. Reported by Bruno Keith (@bkth_) and Niklas Baumstark (@_niklasb) of Dataflow Security (@dfsec_it) via ZDI (ZDI-CAN-13569) on 2021-04-07>", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-15T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (7c0d71a9-9d48-11eb-97a0-e09467587c17)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21206", "CVE-2021-21220"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_7C0D71A99D4811EB97A0E09467587C17.NASL", "href": "https://www.tenable.com/plugins/nessus/148599", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148599);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2021-21206\", \"CVE-2021-21220\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (7c0d71a9-9d48-11eb-97a0-e09467587c17)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\nThis release contains two security fixes :\n\n- [1196781] High CVE-2021-21206: Use after free in Blink. Reported by\nAnonymous on 2021-04-07\n\n- [1196683] High CVE-2021-21220: Insufficient validation of untrusted\ninput in V8 for x86_64. Reported by Bruno Keith (@bkth_) and Niklas\nBaumstark (@_niklasb) of Dataflow Security (@dfsec_it) via ZDI\n(ZDI-CAN-13569) on 2021-04-07>\"\n );\n # https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9531cc08\"\n );\n # https://vuxml.freebsd.org/freebsd/7c0d71a9-9d48-11eb-97a0-e09467587c17.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f83b2ff5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21220\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<89.0.4389.128\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:46:43", "description": "The version of Google Chrome installed on the remote Windows host is prior to 89.0.4389.128. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-13T00:00:00", "type": "nessus", "title": "Google Chrome < 89.0.4389.128 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21206", "CVE-2021-21220"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_89_0_4389_128.NASL", "href": "https://www.tenable.com/plugins/nessus/148487", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148487);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2021-21206\", \"CVE-2021-21220\");\n script_xref(name:\"IAVA\", value:\"2021-A-0176-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Google Chrome < 89.0.4389.128 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 89.0.4389.128. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9531cc08\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1196781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1196683\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 89.0.4389.128 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21220\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'89.0.4389.128', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:47:20", "description": "The version of Google Chrome installed on the remote macOS host is prior to 89.0.4389.128. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-13T00:00:00", "type": "nessus", "title": "Google Chrome < 89.0.4389.128 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21206", "CVE-2021-21220"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_89_0_4389_128.NASL", "href": "https://www.tenable.com/plugins/nessus/148488", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148488);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2021-21206\", \"CVE-2021-21220\");\n script_xref(name:\"IAVA\", value:\"2021-A-0176-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Google Chrome < 89.0.4389.128 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 89.0.4389.128. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop advisory. Note that Nessus has\nnot tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9531cc08\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1196781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1196683\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 89.0.4389.128 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21220\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'89.0.4389.128', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:47:00", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.77. It is, therefore, affected by multiple vulnerabilities as referenced in the April 14, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-15T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 89.0.774.77 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21206", "CVE-2021-21220"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_89_0_774_77.NASL", "href": "https://www.tenable.com/plugins/nessus/148565", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148565);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2021-21206\", \"CVE-2021-21220\");\n script_xref(name:\"IAVA\", value:\"2021-A-0176-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 89.0.774.77 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.77. It is, therefore, affected\nby multiple vulnerabilities as referenced in the April 14, 2021 advisory. Note that Nessus has not tested for this issue\nbut has instead relied only on the application's self-reported version number.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#april-14-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?119280b8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21220\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 89.0.774.77 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21220\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '89.0.774.77' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-17T18:04:33", "description": "Chrome Releases reports :\n\nThis release includes 5 security fixes, including :\n\n- [1167357] High CVE-2021-21191: Use after free in WebRTC. Reported by raven (@raid_akame) on 2021-01-15\n\n- [1181387] High CVE-2021-21192: Heap buffer overflow in tab groups.\nReported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-23\n\n- [1186287] High CVE-2021-21193: Use after free in Blink. Reported by Anonymous on 2021-03-09", "cvss3": {}, "published": "2021-03-17T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (b81ad6d6-8633-11eb-99c5-e09467587c17)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-11191", "CVE-2021-11192", "CVE-2021-11193", "CVE-2021-21191", "CVE-2021-21192", "CVE-2021-21193"], "modified": "2021-03-17T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_B81AD6D6863311EB99C5E09467587C17.NASL", "href": "https://www.tenable.com/plugins/nessus/147848", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(147848);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/17\");\n\n script_cve_id(\"CVE-2021-11191\", \"CVE-2021-11192\", \"CVE-2021-11193\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (b81ad6d6-8633-11eb-99c5-e09467587c17)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\nThis release includes 5 security fixes, including :\n\n- [1167357] High CVE-2021-21191: Use after free in WebRTC. Reported by\nraven (@raid_akame) on 2021-01-15\n\n- [1181387] High CVE-2021-21192: Heap buffer overflow in tab groups.\nReported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability\nResearch on 2021-02-23\n\n- [1186287] High CVE-2021-21193: Use after free in Blink. Reported by\nAnonymous on 2021-03-09\"\n );\n # https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e129313f\"\n );\n # https://vuxml.freebsd.org/freebsd/b81ad6d6-8633-11eb-99c5-e09467587c17.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?932814a2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<89.0.4389.90\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2021-07-28T18:41:40", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-05-14T21:12:29", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: chromium-90.0.4430.93-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199", "CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21206", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21220", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226", "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2021-05-14T21:12:29", "id": "FEDORA:993DD30E4796", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T18:41:40", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-05-12T05:35:46", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: chromium-90.0.4430.93-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199", "CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21206", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21220", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226", "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2021-05-12T05:35:46", "id": "FEDORA:D63AA304E89C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T18:41:40", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-05-12T05:44:40", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: chromium-90.0.4430.93-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199", "CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21206", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21220", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226", "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2021-05-12T05:44:40", "id": "FEDORA:B4C4A30D8539", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T18:41:39", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-03-20T01:15:37", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: chromium-89.0.4389.82-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157", "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21164", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-21190"], "modified": "2021-03-20T01:15:37", "id": "FEDORA:A017F3074280", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FE5SIKEVYTMDCC5OSXGOM2KRPYLHYMQX/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:52", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-04-01T01:51:39", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: chromium-89.0.4389.90-3.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21164", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-21190"], "modified": "2021-04-01T01:51:39", "id": "FEDORA:C67773052A4D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BBT54RKAE5XLMWSHLVUKJ7T2XHHYMXLH/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:52", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-04-05T00:18:43", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: chromium-89.0.4389.90-3.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21164", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-21190"], "modified": "2021-04-05T00:18:43", "id": "FEDORA:BF4FC30A0346", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LCIDZ77XUDMB2EBPPWCQXPEIJERDNSNT/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T18:41:39", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-02-28T17:27:09", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: chromium-88.0.4324.182-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157"], "modified": "2021-02-28T17:27:09", "id": "FEDORA:A9575304C34D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BI6ZIJQYP5DFMYVX4J5OGOU2NQLEZ3SB/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:52", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-02-10T01:20:58", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: chromium-88.0.4324.150-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21148"], "modified": "2021-02-10T01:20:58", "id": "FEDORA:BB03930B3A56", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/AUQSMNV7INLDDSD3RKI5S5EAULX2QC7P/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:52", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-02-17T05:09:44", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: chromium-88.0.4324.150-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21148"], "modified": "2021-02-17T05:09:44", "id": "FEDORA:4E16930B130B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7ACWYJ74Z3YN2XH4QMUEGNBC3VXX464L/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:52", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-04-07T15:26:44", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: chromium-89.0.4389.90-3.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21191", "CVE-2021-21192", "CVE-2021-21193"], "modified": "2021-04-07T15:26:44", "id": "FEDORA:807E83072E26", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/N52OWF4BAP3JNK2QYGU3Q6QUVDZDCIMQ/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2021-07-28T14:33:55", "description": "Arch Linux Security Advisory ASA-202104-2\n=========================================\n\nSeverity: High\nDate : 2021-04-29\nCVE-ID : CVE-2021-21201 CVE-2021-21202 CVE-2021-21203 CVE-2021-21207\nCVE-2021-21209 CVE-2021-21210 CVE-2021-21213 CVE-2021-21214\nCVE-2021-21215 CVE-2021-21216 CVE-2021-21217 CVE-2021-21218\nCVE-2021-21219 CVE-2021-21221 CVE-2021-21222 CVE-2021-21223\nCVE-2021-21225 CVE-2021-21226 CVE-2021-21227 CVE-2021-21228\nCVE-2021-21229 CVE-2021-21230 CVE-2021-21231 CVE-2021-21232\nCVE-2021-21233\nPackage : vivaldi\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1828\n\nSummary\n=======\n\nThe package vivaldi before version 3.8.2259.37-1 is vulnerable to\nmultiple issues including arbitrary code execution, information\ndisclosure, insufficient validation, sandbox escape, access restriction\nbypass, content spoofing and incorrect calculation.\n\nResolution\n==========\n\nUpgrade to 3.8.2259.37-1.\n\n# pacman -Syu \"vivaldi>=3.8.2259.37-1\"\n\nThe problems have been fixed upstream in version 3.8.2259.37.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-21201 (sandbox escape)\n\nUse after free in permissions in Google Chrome prior to 90.0.4430.72\nallowed a remote attacker who had compromised the renderer process to\npotentially perform a sandbox escape via a crafted HTML page.\n\n- CVE-2021-21202 (sandbox escape)\n\nUse after free in extensions in Google Chrome prior to 90.0.4430.72\nallowed an attacker who convinced a user to install a malicious\nextension to potentially perform a sandbox escape via a crafted Chrome\nExtension.\n\n- CVE-2021-21203 (arbitrary code execution)\n\nUse after free in Blink in Google Chrome prior to 90.0.4430.72 allowed\na remote attacker to potentially exploit heap corruption via a crafted\nHTML page.\n\n- CVE-2021-21207 (sandbox escape)\n\nUse after free in IndexedDB in Google Chrome prior to 90.0.4430.72\nallowed an attacker who convinced a user to install a malicious\nextension to potentially perform a sandbox escape via a crafted Chrome\nExtension.\n\n- CVE-2021-21209 (information disclosure)\n\nInappropriate implementation in storage in Google Chrome prior to\n90.0.4430.72 allowed a remote attacker to leak cross-origin data via a\ncrafted HTML page.\n\n- CVE-2021-21210 (information disclosure)\n\nInappropriate implementation in Network in Google Chrome prior to\n90.0.4430.72 allowed a remote attacker to potentially access local UDP\nports via a crafted HTML page.\n\n- CVE-2021-21213 (arbitrary code execution)\n\nUse after free in WebMIDI in Google Chrome prior to 90.0.4430.72\nallowed a remote attacker to potentially exploit heap corruption via a\ncrafted HTML page.\n\n- CVE-2021-21214 (arbitrary code execution)\n\nUse after free in Network API in Google Chrome prior to 90.0.4430.72\nallowed a remote attacker to potentially exploit heap corruption via a\ncrafted Chrome Extension.\n\n- CVE-2021-21215 (content spoofing)\n\nInappropriate implementation in Autofill in Google Chrome prior to\n90.0.4430.72 allowed a remote attacker to spoof security UI via a\ncrafted HTML page.\n\n- CVE-2021-21216 (content spoofing)\n\nInappropriate implementation in Autofill in Google Chrome prior to\n90.0.4430.72 allowed a remote attacker to spoof security UI via a\ncrafted HTML page.\n\n- CVE-2021-21217 (information disclosure)\n\nUninitialized data in PDFium in Google Chrome prior to 90.0.4430.72\nallowed a remote attacker to obtain potentially sensitive information\nfrom process memory via a crafted PDF file.\n\n- CVE-2021-21218 (information disclosure)\n\nUninitialized data in PDFium in Google Chrome prior to 90.0.4430.72\nallowed a remote attacker to obtain potentially sensitive information\nfrom process memory via a crafted PDF file.\n\n- CVE-2021-21219 (information disclosure)\n\nUninitialized data in PDFium in Google Chrome prior to 90.0.4430.72\nallowed a remote attacker to obtain potentially sensitive information\nfrom process memory via a crafted PDF file.\n\n- CVE-2021-21221 (information disclosure)\n\nInsufficient validation of untrusted input in Mojo in Google Chrome\nprior to 90.0.4430.72 allowed a remote attacker who had compromised the\nrenderer process to leak cross-origin data via a crafted HTML page.\n\n- CVE-2021-21222 (sandbox escape)\n\nHeap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85\nallowed a remote attacker who had compromised the renderer process to\nbypass site isolation via a crafted HTML page.\n\n- CVE-2021-21223 (sandbox escape)\n\nInteger overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed\na remote attacker who had compromised the renderer process to\npotentially perform a sandbox escape via a crafted HTML page.\n\n- CVE-2021-21225 (arbitrary code execution)\n\nOut of bounds memory access in V8 in Google Chrome prior to\n90.0.4430.85 allowed a remote attacker to potentially exploit heap\ncorruption via a crafted HTML page.\n\n- CVE-2021-21226 (sandbox escape)\n\nUse after free in navigation in Google Chrome prior to 90.0.4430.85\nallowed a remote attacker who had compromised the renderer process to\npotentially perform a sandbox escape via a crafted HTML page.\n\n- CVE-2021-21227 (insufficient validation)\n\nAn insufficient data validation security issue has been found in the V8\ncomponent of the Chromium browser before version 90.0.4430.93.\n\n- CVE-2021-21228 (access restriction bypass)\n\nAn insufficient policy enforcement security issue has been found in the\nextensions component of the Chromium browser before version\n90.0.4430.93.\n\n- CVE-2021-21229 (content spoofing)\n\nAn incorrect security UI security issue has been found in the downloads\ncomponent of the Chromium browser before version 90.0.4430.93.\n\n- CVE-2021-21230 (incorrect calculation)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser before version 90.0.4430.93.\n\n- CVE-2021-21231 (incorrect calculation)\n\nAn insufficient data validation security issue has been found in the V8\ncomponent of the Chromium browser before version 90.0.4430.93.\n\n- CVE-2021-21232 (arbitrary code execution)\n\nA use after free security issue has been found in the Dev Tools\ncomponent of the Chromium browser before version 90.0.4430.93.\n\n- CVE-2021-21233 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the ANGLE\ncomponent of the Chromium browser before version 90.0.4430.93.\n\nImpact\n======\n\nAn attacker is able to break out of the sandbox, execute arbitrary\ncode, spoof content, read sensitive data, and bypass extension security\npolicies through various means.\n\nReferences\n==========\n\nhttps://vivaldi.com/blog/desktop/minor-update-3-for-vivaldi-desktop-browser-3-7/\nhttps://vivaldi.com/blog/desktop/minor-update-4-for-vivaldi-desktop-browser-3-7/\nhttps://vivaldi.com/blog/new-vivaldi-on-android-language-switcher-blocks-cookies-dialogs/\nhttps://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html\nhttps://crbug.com/1025683\nhttps://crbug.com/1188889\nhttps://crbug.com/1192054\nhttps://crbug.com/1185732\nhttps://crbug.com/1143526\nhttps://crbug.com/1184562\nhttps://crbug.com/1161806\nhttps://crbug.com/1170148\nhttps://crbug.com/1172533\nhttps://crbug.com/1173297\nhttps://crbug.com/1166462\nhttps://crbug.com/1166478\nhttps://crbug.com/1166972\nhttps://crbug.com/1195333\nhttps://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html\nhttps://crbug.com/1194046\nhttps://crbug.com/1195308\nhttps://crbug.com/1195977\nhttps://crbug.com/1197904\nhttps://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html\nhttps://crbug.com/1199345\nhttps://crbug.com/1139156\nhttps://crbug.com/1198165\nhttps://crbug.com/1198705\nhttps://crbug.com/1198696\nhttps://crbug.com/1175058\nhttps://crbug.com/1182937\nhttps://security.archlinux.org/CVE-2021-21201\nhttps://security.archlinux.org/CVE-2021-21202\nhttps://security.archlinux.org/CVE-2021-21203\nhttps://security.archlinux.org/CVE-2021-21207\nhttps://security.archlinux.org/CVE-2021-21209\nhttps://security.archlinux.org/CVE-2021-21210\nhttps://security.archlinux.org/CVE-2021-21213\nhttps://security.archlinux.org/CVE-2021-21214\nhttps://security.archlinux.org/CVE-2021-21215\nhttps://security.archlinux.org/CVE-2021-21216\nhttps://security.archlinux.org/CVE-2021-21217\nhttps://security.archlinux.org/CVE-2021-21218\nhttps://security.archlinux.org/CVE-2021-21219\nhttps://security.archlinux.org/CVE-2021-21221\nhttps://security.archlinux.org/CVE-2021-21222\nhttps://security.archlinux.org/CVE-2021-21223\nhttps://security.archlinux.org/CVE-2021-21225\nhttps://security.archlinux.org/CVE-2021-21226\nhttps://security.archlinux.org/CVE-2021-21227\nhttps://security.archlinux.org/CVE-2021-21228\nhttps://security.archlinux.org/CVE-2021-21229\nhttps://security.archlinux.org/CVE-2021-21230\nhttps://security.archlinux.org/CVE-2021-21231\nhttps://security.archlinux.org/CVE-2021-21232\nhttps://security.archlinux.org/CVE-2021-21233", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-04-29T00:00:00", "type": "archlinux", "title": "[ASA-202104-2] vivaldi: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21207", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21225", "CVE-2021-21226", "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2021-04-29T00:00:00", "id": "ASA-202104-2", "href": "https://security.archlinux.org/ASA-202104-2", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:33:55", "description": "Arch Linux Security Advisory ASA-202104-5\n=========================================\n\nSeverity: High\nDate : 2021-04-29\nCVE-ID : CVE-2021-21201 CVE-2021-21202 CVE-2021-21203 CVE-2021-21207\nCVE-2021-21209 CVE-2021-21210 CVE-2021-21213 CVE-2021-21214\nCVE-2021-21215 CVE-2021-21216 CVE-2021-21217 CVE-2021-21218\nCVE-2021-21219 CVE-2021-21221 CVE-2021-21222 CVE-2021-21223\nCVE-2021-21224 CVE-2021-21225 CVE-2021-21226\nPackage : opera\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1840\n\nSummary\n=======\n\nThe package opera before version 76.0.4017.94-1 is vulnerable to\nmultiple issues including arbitrary code execution, information\ndisclosure, sandbox escape and content spoofing.\n\nResolution\n==========\n\nUpgrade to 76.0.4017.94-1.\n\n# pacman -Syu \"opera>=76.0.4017.94-1\"\n\nThe problems have been fixed upstream in version 76.0.4017.94.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-21201 (sandbox escape)\n\nUse after free in permissions in Google Chrome prior to 90.0.4430.72\nallowed a remote attacker who had compromised the renderer process to\npotentially perform a sandbox escape via a crafted HTML page.\n\n- CVE-2021-21202 (sandbox escape)\n\nUse after free in extensions in Google Chrome prior to 90.0.4430.72\nallowed an attacker who convinced a user to install a malicious\nextension to potentially perform a sandbox escape via a crafted Chrome\nExtension.\n\n- CVE-2021-21203 (arbitrary code execution)\n\nUse after free in Blink in Google Chrome prior to 90.0.4430.72 allowed\na remote attacker to potentially exploit heap corruption via a crafted\nHTML page.\n\n- CVE-2021-21207 (sandbox escape)\n\nUse after free in IndexedDB in Google Chrome prior to 90.0.4430.72\nallowed an attacker who convinced a user to install a malicious\nextension to potentially perform a sandbox escape via a crafted Chrome\nExtension.\n\n- CVE-2021-21209 (information disclosure)\n\nInappropriate implementation in storage in Google Chrome prior to\n90.0.4430.72 allowed a remote attacker to leak cross-origin data via a\ncrafted HTML page.\n\n- CVE-2021-21210 (information disclosure)\n\nInappropriate implementation in Network in Google Chrome prior to\n90.0.4430.72 allowed a remote attacker to potentially access local UDP\nports via a crafted HTML page.\n\n- CVE-2021-21213 (arbitrary code execution)\n\nUse after free in WebMIDI in Google Chrome prior to 90.0.4430.72\nallowed a remote attacker to potentially exploit heap corruption via a\ncrafted HTML page.\n\n- CVE-2021-21214 (arbitrary code execution)\n\nUse after free in Network API in Google Chrome prior to 90.0.4430.72\nallowed a remote attacker to potentially exploit heap corruption via a\ncrafted Chrome Extension.\n\n- CVE-2021-21215 (content spoofing)\n\nInappropriate implementation in Autofill in Google Chrome prior to\n90.0.4430.72 allowed a remote attacker to spoof security UI via a\ncrafted HTML page.\n\n- CVE-2021-21216 (content spoofing)\n\nInappropriate implementation in Autofill in Google Chrome prior to\n90.0.4430.72 allowed a remote attacker to spoof security UI via a\ncrafted HTML page.\n\n- CVE-2021-21217 (information disclosure)\n\nUninitialized data in PDFium in Google Chrome prior to 90.0.4430.72\nallowed a remote attacker to obtain potentially sensitive information\nfrom process memory via a crafted PDF file.\n\n- CVE-2021-21218 (information disclosure)\n\nUninitialized data in PDFium in Google Chrome prior to 90.0.4430.72\nallowed a remote attacker to obtain potentially sensitive information\nfrom process memory via a crafted PDF file.\n\n- CVE-2021-21219 (information disclosure)\n\nUninitialized data in PDFium in Google Chrome prior to 90.0.4430.72\nallowed a remote attacker to obtain potentially sensitive information\nfrom process memory via a crafted PDF file.\n\n- CVE-2021-21221 (information disclosure)\n\nInsufficient validation of untrusted input in Mojo in Google Chrome\nprior to 90.0.4430.72 allowed a remote attacker who had compromised the\nrenderer process to leak cross-origin data via a crafted HTML page.\n\n- CVE-2021-21222 (sandbox escape)\n\nHeap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85\nallowed a remote attacker who had compromised the renderer process to\nbypass site isolation via a crafted HTML page.\n\n- CVE-2021-21223 (sandbox escape)\n\nInteger overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed\na remote attacker who had compromised the renderer process to\npotentially perform a sandbox escape via a crafted HTML page.\n\n- CVE-2021-21224 (arbitrary code execution)\n\nType confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a\nremote attacker to execute arbitrary code inside a sandbox via a\ncrafted HTML page. Google is aware of reports that exploits for this\nissue exist in the wild.\n\n- CVE-2021-21225 (arbitrary code execution)\n\nOut of bounds memory access in V8 in Google Chrome prior to\n90.0.4430.85 allowed a remote attacker to potentially exploit heap\ncorruption via a crafted HTML page.\n\n- CVE-2021-21226 (sandbox escape)\n\nUse after free in navigation in Google Chrome prior to 90.0.4430.85\nallowed a remote attacker who had compromised the renderer process to\npotentially perform a sandbox escape via a crafted HTML page.\n\nImpact\n======\n\nAn attacker is able to break out of the sandbox, execute arbitrary\ncode, spoof content, read sensitive data, and bypass extension security\npolicies through various means.\n\nReferences\n==========\n\nhttps://blogs.opera.com/desktop/changelog-for-75/\nhttps://blogs.opera.com/desktop/changelog-for-76/\nhttps://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html\nhttps://crbug.com/1025683\nhttps://crbug.com/1188889\nhttps://crbug.com/1192054\nhttps://crbug.com/1185732\nhttps://crbug.com/1143526\nhttps://crbug.com/1184562\nhttps://crbug.com/1161806\nhttps://crbug.com/1170148\nhttps://crbug.com/1172533\nhttps://crbug.com/1173297\nhttps://crbug.com/1166462\nhttps://crbug.com/1166478\nhttps://crbug.com/1166972\nhttps://crbug.com/1195333\nhttps://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html\nhttps://crbug.com/1194046\nhttps://crbug.com/1195308\nhttps://crbug.com/1195777\nhttps://crbug.com/1195977\nhttps://crbug.com/1197904\nhttps://security.archlinux.org/CVE-2021-21201\nhttps://security.archlinux.org/CVE-2021-21202\nhttps://security.archlinux.org/CVE-2021-21203\nhttps://security.archlinux.org/CVE-2021-21207\nhttps://security.archlinux.org/CVE-2021-21209\nhttps://security.archlinux.org/CVE-2021-21210\nhttps://security.archlinux.org/CVE-2021-21213\nhttps://security.archlinux.org/CVE-2021-21214\nhttps://security.archlinux.org/CVE-2021-21215\nhttps://security.archlinux.org/CVE-2021-21216\nhttps://security.archlinux.org/CVE-2021-21217\nhttps://security.archlinux.org/CVE-2021-21218\nhttps://security.archlinux.org/CVE-2021-21219\nhttps://security.archlinux.org/CVE-2021-21221\nhttps://security.archlinux.org/CVE-2021-21222\nhttps://security.archlinux.org/CVE-2021-21223\nhttps://security.archlinux.org/CVE-2021-21224\nhttps://security.archlinux.org/CVE-2021-21225\nhttps://security.archlinux.org/CVE-2021-21226", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-04-29T00:00:00", "type": "archlinux", "title": "[ASA-202104-5] opera: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21207", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2021-04-29T00:00:00", "id": "ASA-202104-5", "href": "https://security.archlinux.org/ASA-202104-5", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T16:33:56", "description": "Arch Linux Security Advisory ASA-202103-19\n==========================================\n\nSeverity: High\nDate : 2021-03-25\nCVE-ID : CVE-2020-27844 CVE-2021-21159 CVE-2021-21160 CVE-2021-21161\nCVE-2021-21162 CVE-2021-21163 CVE-2021-21165 CVE-2021-21166\nCVE-2021-21167 CVE-2021-21168 CVE-2021-21169 CVE-2021-21170\nCVE-2021-21171 CVE-2021-21172 CVE-2021-21173 CVE-2021-21174\nCVE-2021-21175 CVE-2021-21176 CVE-2021-21177 CVE-2021-21178\nCVE-2021-21179 CVE-2021-21180 CVE-2021-21181 CVE-2021-21182\nCVE-2021-21183 CVE-2021-21184 CVE-2021-21185 CVE-2021-21186\nCVE-2021-21187 CVE-2021-21188 CVE-2021-21189 CVE-2021-21190\nCVE-2021-21191 CVE-2021-21192 CVE-2021-21193\nPackage : vivaldi\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1633\n\nSummary\n=======\n\nThe package vivaldi before version 3.7.2218.45-1 is vulnerable to\nmultiple issues including arbitrary code execution, insufficient\nvalidation, access restriction bypass, content spoofing, incorrect\ncalculation and information disclosure.\n\nResolution\n==========\n\nUpgrade to 3.7.2218.45-1.\n\n# pacman -Syu \"vivaldi>=3.7.2218.45-1\"\n\nThe problems have been fixed upstream in version 3.7.2218.45.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2020-27844 (arbitrary code execution)\n\nA heap-based buffer overflow was discovered in lib/openjp2/t2.c:973 in\nthe current master (commit 18b1138fbe3bb0ae4aa2bf1369f9430a8ec6fa00) of\nOpenJPEG.\n\n- CVE-2021-21159 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the TabStrip\ncomponent of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21160 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the WebAudio\ncomponent of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21161 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the TabStrip\ncomponent of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21162 (arbitrary code execution)\n\nA use after free security issue was found in the WebRTC component of\nthe Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21163 (insufficient validation)\n\nAn insufficient data validation security issue was found in the Reader\nMode component of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21165 (arbitrary code execution)\n\nAn object lifecycle security issue was found in the audio component of\nthe Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21166 (arbitrary code execution)\n\nAn object lifecycle security issue was found in the audio component of\nthe Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21167 (arbitrary code execution)\n\nA use after free security issue was found in the bookmarks component of\nthe Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21168 (access restriction bypass)\n\nAn insufficient policy enforcement security issue was found in the\nappcache component of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21169 (information disclosure)\n\nAn out of bounds memory access security issue was found in the V8\ncomponent of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21170 (content spoofing)\n\nAn incorrect security UI security issue was found in the Loader\ncomponent of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21171 (content spoofing)\n\nAn incorrect security UI security issue was found in the TabStrip and\nNavigation components of the Chromium browser before version\n89.0.4389.72.\n\n- CVE-2021-21172 (access restriction bypass)\n\nAn insufficient policy enforcement security issue was found in the File\nSystem API component of the Chromium browser before version\n89.0.4389.72.\n\n- CVE-2021-21173 (information disclosure)\n\nA side-channel information leakage security issue was found in the\nNetwork Internals component of the Chromium browser before version\n89.0.4389.72.\n\n- CVE-2021-21174 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the\nReferrer component of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21175 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the Site\nisolation component of the Chromium browser before version\n89.0.4389.72.\n\n- CVE-2021-21176 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the full\nscreen mode component of the Chromium browser before version\n89.0.4389.72.\n\n- CVE-2021-21177 (access restriction bypass)\n\nAn insufficient policy enforcement security issue was found in the\nAutofill component of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21178 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the\nCompositing component of the Chromium browser before version\n89.0.4389.72.\n\n- CVE-2021-21179 (arbitrary code execution)\n\nA use after free security issue was found in the Network Internals\ncomponent of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21180 (arbitrary code execution)\n\nA use after free security issue was found in the tab search component\nof the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21181 (information disclosure)\n\nA side-channel information leakage security issue was found in the\nautofill component of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21182 (access restriction bypass)\n\nAn insufficient policy enforcement security issue was found in the\nnavigations component of the Chromium browser before version\n89.0.4389.72.\n\n- CVE-2021-21183 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the\nperformance APIs component of the Chromium browser before version\n89.0.4389.72.\n\n- CVE-2021-21184 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the\nperformance APIs component of the Chromium browser before version\n89.0.4389.72.\n\n- CVE-2021-21185 (access restriction bypass)\n\nAn insufficient policy enforcement security issue was found in the\nextensions component of the Chromium browser before version\n89.0.4389.72.\n\n- CVE-2021-21186 (access restriction bypass)\n\nAn insufficient policy enforcement security issue was found in the QR\nscanning component of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21187 (insufficient validation)\n\nAn insufficient data validation security issue was found in the URL\nformatting component of the Chromium browser before version\n89.0.4389.72.\n\n- CVE-2021-21188 (arbitrary code execution)\n\nA use after free security issue was found in the Blink component of the\nChromium browser before version 89.0.4389.72.\n\n- CVE-2021-21189 (access restriction bypass)\n\nAn insufficient policy enforcement security issue was found in the\npayments component of the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21190 (arbitrary code execution)\n\nAn uninitialized use security issue was found in the PDFium component\nof the Chromium browser before version 89.0.4389.72.\n\n- CVE-2021-21191 (arbitrary code execution)\n\nA use after free security issue was found in the WebRTC component of\nthe Chromium browser before version 89.0.4389.90.\n\n- CVE-2021-21192 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the tab groups\ncomponent of the Chromium browser before version 89.0.4389.90.\n\n- CVE-2021-21193 (arbitrary code execution)\n\nA use after free security issue was found in the Blink component of the\nChromium browser before version 89.0.4389.90. Google is aware of\nreports that an exploit for this issue exists in the wild.\n\nImpact\n======\n\nA remote attacker might be able to bypass security measures, trick the\nuser into performing unwanted actions or execute arbitrary code.\n\nReferences\n==========\n\nhttps://vivaldi.com/blog/desktop/minor-update-2-for-vivaldi-desktop-3-6/\nhttps://vivaldi.com/blog/vivaldi-fires-up-performance-2/\nhttps://github.com/uclouvain/openjpeg/issues/1299\nhttps://github.com/uclouvain/openjpeg/pull/1301\nhttps://github.com/uclouvain/openjpeg/commit/73fdf28342e4594019af26eb6a347a34eceb6296\nhttps://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html\nhttps://crbug.com/1171049\nhttps://crbug.com/1170531\nhttps://crbug.com/1173702\nhttps://crbug.com/1172054\nhttps://crbug.com/1111239\nhttps://crbug.com/1174582\nhttps://crbug.com/1177465\nhttps://crbug.com/1161144\nhttps://crbug.com/1152226\nhttps://crbug.com/1166138\nhttps://crbug.com/1111646\nhttps://crbug.com/1152894\nhttps://crbug.com/1150810\nhttps://crbug.com/1154250\nhttps://crbug.com/1158010\nhttps://crbug.com/1146651\nhttps://crbug.com/1170584\nhttps://crbug.com/1173879\nhttps://crbug.com/1174186\nhttps://crbug.com/1174943\nhttps://crbug.com/1175507\nhttps://crbug.com/1182767\nhttps://crbug.com/1049265\nhttps://crbug.com/1105875\nhttps://crbug.com/1131929\nhttps://crbug.com/1100748\nhttps://crbug.com/1153445\nhttps://crbug.com/1155516\nhttps://crbug.com/1161739\nhttps://crbug.com/1165392\nhttps://crbug.com/1166091\nhttps://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html\nhttps://crbug.com/1167357\nhttps://crbug.com/1181387\nhttps://crbug.com/1186287\nhttps://security.archlinux.org/CVE-2020-27844\nhttps://security.archlinux.org/CVE-2021-21159\nhttps://security.archlinux.org/CVE-2021-21160\nhttps://security.archlinux.org/CVE-2021-21161\nhttps://security.archlinux.org/CVE-2021-21162\nhttps://security.archlinux.org/CVE-2021-21163\nhttps://security.archlinux.org/CVE-2021-21165\nhttps://security.archlinux.org/CVE-2021-21166\nhttps://security.archlinux.org/CVE-2021-21167\nhttps://security.archlinux.org/CVE-2021-21168\nhttps://security.archlinux.org/CVE-2021-21169\nhttps://security.archlinux.org/CVE-2021-21170\nhttps://security.archlinux.org/CVE-2021-21171\nhttps://security.archlinux.org/CVE-2021-21172\nhttps://security.archlinux.org/CVE-2021-21173\nhttps://security.archlinux.org/CVE-2021-21174\nhttps://security.archlinux.org/CVE-2021-21175\nhttps://security.archlinux.org/CVE-2021-21176\nhttps://security.archlinux.org/CVE-2021-21177\nhttps://security.archlinux.org/CVE-2021-21178\nhttps://security.archlinux.org/CVE-2021-21179\nhttps://security.archlinux.org/CVE-2021-21180\nhttps://security.archlinux.org/CVE-2021-21181\nhttps://security.archlinux.org/CVE-2021-21182\nhttps://security.archlinux.org/CVE-2021-21183\nhttps://security.archlinux.org/CVE-2021-21184\nhttps://security.archlinux.org/CVE-2021-21185\nhttps://security.archlinux.org/CVE-2021-21186\nhttps://security.archlinux.org/CVE-2021-21187\nhttps://security.archlinux.org/CVE-2021-21188\nhttps://security.archlinux.org/CVE-2021-21189\nhttps://security.archlinux.org/CVE-2021-21190\nhttps://security.archlinux.org/CVE-2021-21191\nhttps://security.archlinux.org/CVE-2021-21192\nhttps://security.archlinux.org/CVE-2021-21193", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-25T00:00:00", "type": "archlinux", "title": "[ASA-202103-19] vivaldi: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27844", "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-21190", "CVE-2021-21191", "CVE-2021-21192", "CVE-2021-21193"], "modified": "2021-03-25T00:00:00", "id": "ASA-202103-19", "href": "https://security.archlinux.org/ASA-202103-19", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2021-07-28T16:33:56", "description": "Arch Linux Security Advisory ASA-202103-8\n=========================================\n\nSeverity: High\nDate : 2021-03-13\nCVE-ID : CVE-2021-21149 CVE-2021-21150 CVE-2021-21151 CVE-2021-21152\nCVE-2021-21153 CVE-2021-21154 CVE-2021-21155 CVE-2021-21156\nCVE-2021-21157\nPackage : opera\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1586\n\nSummary\n=======\n\nThe package opera before version 74.0.3911.203-1 is vulnerable to\narbitrary code execution.\n\nResolution\n==========\n\nUpgrade to 74.0.3911.203-1.\n\n# pacman -Syu \"opera>=74.0.3911.203-1\"\n\nThe problems have been fixed upstream in version 74.0.3911.203.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-21149 (arbitrary code execution)\n\nA stack overflow security issue was found in the Data Transfer\ncomponent of the Chromium browser before version 88.0.4324.182.\n\n- CVE-2021-21150 (arbitrary code execution)\n\nA use after free security issue was found in the Downloads component of\nthe Chromium browser before version 88.0.4324.182.\n\n- CVE-2021-21151 (arbitrary code execution)\n\nA use after free security issue was found in the Payments component of\nthe Chromium browser before version 88.0.4324.182.\n\n- CVE-2021-21152 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the Media component\nof the Chromium browser before version 88.0.4324.182.\n\n- CVE-2021-21153 (arbitrary code execution)\n\nA stack overflow security issue was found in the GPU Process component\nof the Chromium browser before version 88.0.4324.182.\n\n- CVE-2021-21154 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the Tab Strip\ncomponent of the Chromium browser before version 88.0.4324.182.\n\n- CVE-2021-21155 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the Tab Strip\ncomponent of the Chromium browser before version 88.0.4324.182.\n\n- CVE-2021-21156 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the V8 component of\nthe Chromium browser before version 88.0.4324.182.\n\n- CVE-2021-21157 (arbitrary code execution)\n\nA use after free security issue was found in the Web Sockets component\nof the Chromium browser before version 88.0.4324.182.\n\nImpact\n======\n\nA remote attacker might be able to execute arbitrary code on the\naffected host.\n\nReferences\n==========\n\nhttps://blogs.opera.com/desktop/changelog-for-74/\nhttps://blogs.opera.com/desktop/2021/03/opera-74-0-3911-203-stable-update/\nhttps://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html\nhttps://crbug.com/1138143\nhttps://crbug.com/1172192\nhttps://crbug.com/1165624\nhttps://crbug.com/1166504\nhttps://crbug.com/1155974\nhttps://crbug.com/1173269\nhttps://crbug.com/1177341\nhttps://crbug.com/1170657\nhttps://security.archlinux.org/CVE-2021-21149\nhttps://security.archlinux.org/CVE-2021-21150\nhttps://security.archlinux.org/CVE-2021-21151\nhttps://security.archlinux.org/CVE-2021-21152\nhttps://security.archlinux.org/CVE-2021-21153\nhttps://security.archlinux.org/CVE-2021-21154\nhttps://security.archlinux.org/CVE-2021-21155\nhttps://security.archlinux.org/CVE-2021-21156\nhttps://security.archlinux.org/CVE-2021-21157", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-03-13T00:00:00", "type": "archlinux", "title": "[ASA-202103-8] opera: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157"], "modified": "2021-03-13T00:00:00", "id": "ASA-202103-8", "href": "https://security.archlinux.org/ASA-202103-8", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:33:55", "description": "Arch Linux Security Advisory ASA-202102-6\n=========================================\n\nSeverity: Critical\nDate : 2021-02-06\nCVE-ID : CVE-2021-21142 CVE-2021-21143 CVE-2021-21144 CVE-2021-21145\nCVE-2021-21146 CVE-2021-21147 CVE-2021-21148\nPackage : chromium\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1525\n\nSummary\n=======\n\nThe package chromium before version 88.0.4324.150-1 is vulnerable to\nmultiple issues including arbitrary code execution and incorrect\ncalculation.\n\nResolution\n==========\n\nUpgrade to 88.0.4324.150-1.\n\n# pacman -Syu \"chromium>=88.0.4324.150-1\"\n\nThe problems have been fixed upstream in version 88.0.4324.150.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-21142 (arbitrary code execution)\n\nA use after free security issue was found in the Payments component of\nthe Chromium browser before version 88.0.4324.146.\n\n- CVE-2021-21143 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the Extensions\ncomponent of the Chromium browser before version 88.0.4324.146.\n\n- CVE-2021-21144 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the Tab Groups\ncomponent of the Chromium browser before version 88.0.4324.146.\n\n- CVE-2021-21145 (arbitrary code execution)\n\nA use after free security issue was found in the Fonts component of the\nChromium browser before version 88.0.4324.146.\n\n- CVE-2021-21146 (arbitrary code execution)\n\nA use after free security issue was found in the Navigation component\nof the Chromium browser before version 88.0.4324.146.\n\n- CVE-2021-21147 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the Skia\ncomponent of the Chromium browser before version 88.0.4324.146.\n\n- CVE-2021-21148 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the V8 component of\nthe Chromium browser before version 88.0.4324.150.\n\nImpact\n======\n\nA remote attacker might be able to bypass security measures or execute\narbitrary code.\n\nReferences\n==========\n\nhttps://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html\nhttps://crbug.com/1169317\nhttps://crbug.com/1163504\nhttps://crbug.com/1163845\nhttps://crbug.com/1154965\nhttps://crbug.com/1161705\nhttps://crbug.com/1162942\nhttps://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html\nhttps://crbug.com/1170176\nhttps://security.archlinux.org/CVE-2021-21142\nhttps://security.archlinux.org/CVE-2021-21143\nhttps://security.archlinux.org/CVE-2021-21144\nhttps://security.archlinux.org/CVE-2021-21145\nhttps://security.archlinux.org/CVE-2021-21146\nhttps://security.archlinux.org/CVE-2021-21147\nhttps://security.archlinux.org/CVE-2021-21148", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-02-06T00:00:00", "type": "archlinux", "title": "[ASA-202102-6] chromium: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21148"], "modified": "2021-02-06T00:00:00", "id": "ASA-202102-6", "href": "https://security.archlinux.org/ASA-202102-6", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:33:54", "description": "Arch Linux Security Advisory ASA-202104-7\n=========================================\n\nSeverity: High\nDate : 2021-04-29\nCVE-ID : CVE-2021-21222 CVE-2021-21223 CVE-2021-21224 CVE-2021-21225\nCVE-2021-21226\nPackage : chromium\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1843\n\nSummary\n=======\n\nThe package chromium before version 90.0.4430.85-1 is vulnerable to\nmultiple issues including arbitrary code execution and sandbox escape.\n\nResolution\n==========\n\nUpgrade to 90.0.4430.85-1.\n\n# pacman -Syu \"chromium>=90.0.4430.85-1\"\n\nThe problems have been fixed upstream in version 90.0.4430.85.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-21222 (sandbox escape)\n\nHeap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85\nallowed a remote attacker who had compromised the renderer process to\nbypass site isolation via a crafted HTML page.\n\n- CVE-2021-21223 (sandbox escape)\n\nInteger overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed\na remote attacker who had compromised the renderer process to\npotentially perform a sandbox escape via a crafted HTML page.\n\n- CVE-2021-21224 (arbitrary code execution)\n\nType confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a\nremote attacker to execute arbitrary code inside a sandbox via a\ncrafted HTML page. Google is aware of reports that exploits for this\nissue exist in the wild.\n\n- CVE-2021-21225 (arbitrary code execution)\n\nOut of bounds memory access in V8 in Google Chrome prior to\n90.0.4430.85 allowed a remote attacker to potentially exploit heap\ncorruption via a crafted HTML page.\n\n- CVE-2021-21226 (sandbox escape)\n\nUse after free in navigation in Google Chrome prior to 90.0.4430.85\nallowed a remote attacker who had compromised the renderer process to\npotentially perform a sandbox escape via a crafted HTML page.\n\nImpact\n======\n\nAn attacker can escape the site isolation sandbox through a compromised\nrendered process. In addition, an attacker can execute arbitrary code\nand escape the sandbox through a crafted HTML page.\n\nReferences\n==========\n\nhttps://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html\nhttps://crbug.com/1194046\nhttps://crbug.com/1195308\nhttps://crbug.com/1195777\nhttps://crbug.com/1195977\nhttps://crbug.com/1197904\nhttps://security.archlinux.org/CVE-2021-21222\nhttps://security.archlinux.org/CVE-2021-21223\nhttps://security.archlinux.org/CVE-2021-21224\nhttps://security.archlinux.org/CVE-2021-21225\nhttps://security.archlinux.org/CVE-2021-21226", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-04-29T00:00:00", "type": "archlinux", "title": "[ASA-202104-7] chromium: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2021-04-29T00:00:00", "id": "ASA-202104-7", "href": "https://security.archlinux.org/ASA-202104-7", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:33:55", "description": "Arch Linux Security Advisory ASA-202103-9\n=========================================\n\nSeverity: High\nDate : 2021-03-13\nCVE-ID : CVE-2021-21191 CVE-2021-21192 CVE-2021-21193\nPackage : chromium\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1683\n\nSummary\n=======\n\nThe package chromium before version 89.0.4389.90-1 is vulnerable to\narbitrary code execution.\n\nResolution\n==========\n\nUpgrade to 89.0.4389.90-1.\n\n# pacman -Syu \"chromium>=89.0.4389.90-1\"\n\nThe problems have been fixed upstream in version 89.0.4389.90.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-21191 (arbitrary code execution)\n\nA use after free security issue was found in the WebRTC component of\nthe Chromium browser before version 89.0.4389.90.\n\n- CVE-2021-21192 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the tab groups\ncomponent of the Chromium browser before version 89.0.4389.90.\n\n- CVE-2021-21193 (arbitrary code execution)\n\nA use after free security issue was found in the Blink component of the\nChromium browser before version 89.0.4389.90. Google is aware of\nreports that an exploit for this issue exists in the wild.\n\nImpact\n======\n\nA remote attacker can execute arbitrary code on the affected host.\nGoogle is aware of reports that an exploit for CVE-2021-21193 exists in\nthe wild.\n\nReferences\n==========\n\nhttps://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html\nhttps://crbug.com/1167357\nhttps://crbug.com/1181387\nhttps://crbug.com/1186287\nhttps://security.archlinux.org/CVE-2021-21191\nhttps://security.archlinux.org/CVE-2021-21192\nhttps://security.archlinux.org/CVE-2021-21193", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-13T00:00:00", "type": "archlinux", "title": "[ASA-202103-9] chromium: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21191", "CVE-2021-21192", "CVE-2021-21193"], "modified": "2021-03-13T00:00:00", "id": "ASA-202103-9", "href": "https://security.archlinux.org/ASA-202103-9", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-11-10T02:12:05", "description": "An update that fixes 25 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n - Chromium was updated to 90.0.4430.93\n (boo#1184764,boo#1185047,boo#1185398)\n * CVE-2021-21227: Insufficient data validation in V8.\n * CVE-2021-21232: Use after free in Dev Tools.\n * CVE-2021-21233: Heap buffer overflow in ANGLE.\n * CVE-2021-21228: Insufficient policy enforcement in extensions.\n * CVE-2021-21229: Incorrect security UI in downloads.\n * CVE-2021-21230: Type Confusion in V8.\n * CVE-2021-21231: Insufficient data validation in V8.\n * CVE-2021-21222: Heap buffer overflow in V8\n * CVE-2021-21223: Integer overflow in Mojo\n * CVE-2021-21224: Type Confusion in V8\n * CVE-2021-21225: Out of bounds memory access in V8\n * CVE-2021-21226: Use after free in navigation\n * CVE-2021-21201: Use after free in permissions\n * CVE-2021-21202: Use after free in extensions\n * CVE-2021-21203: Use after free in Blink\n * CVE-2021-21204: Use after free in Blink\n * CVE-2021-21205: Insufficient policy enforcement in navigation\n * CVE-2021-21221: Insufficient validation of untrusted input in Mojo\n * CVE-2021-21207: Use after free in IndexedDB\n * CVE-2021-21208: Insufficient data validation in QR scanner\n * CVE-2021-21209: Inappropriate implementation in storage\n * CVE-2021-21210: Inappropriate implementation in Network\n * CVE-2021-21211: Inappropriate implementation in Navigatio\n * CVE-2021-21212: Incorrect security UI in Network Config UI\n * CVE-2021-21213: Use after free in WebMIDI\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-629=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-05-01T00:00:00", "type": "suse", "title": "Security update for Chromium (critical)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226", "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2021-05-01T00:00:00", "id": "OPENSUSE-SU-2021:0629-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:40:33", "description": "An update that fixes 42 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Update to 89.0.4389.72 (boo#1182358, boo#1182960):\n\n - CVE-2021-21159: Heap buffer overflow in TabStrip.\n - CVE-2021-21160: Heap buffer overflow in WebAudio.\n - CVE-2021-21161: Heap buffer overflow in TabStrip.\n - CVE-2021-21162: Use after free in WebRTC.\n - CVE-2021-21163: Insufficient data validation in Reader Mode.\n - CVE-2021-21164: Insufficient data validation in Chrome for iOS.\n - CVE-2021-21165: Object lifecycle issue in audio.\n - CVE-2021-21166: Object lifecycle issue in audio.\n - CVE-2021-21167: Use after free in bookmarks.\n - CVE-2021-21168: Insufficient policy enforcement in appcache.\n - CVE-2021-21169: Out of bounds memory access in V8.\n - CVE-2021-21170: Incorrect security UI in Loader.\n - CVE-2021-21171: Incorrect security UI in TabStrip and Navigation.\n - CVE-2021-21172: Insufficient policy enforcement in File System API.\n - CVE-2021-21173: Side-channel information leakage in Network Internals.\n - CVE-2021-21174: Inappropriate implementation in Referrer.\n - CVE-2021-21175: Inappropriate implementation in Site isolation.\n - CVE-2021-21176: Inappropriate implementation in full screen mode.\n - CVE-2021-21177: Insufficient policy enforcement in Autofill.\n - CVE-2021-21178: Inappropriate implementation in Compositing.\n - CVE-2021-21179: Use after free in Network Internals.\n - CVE-2021-21180: Use after free in tab search.\n - CVE-2020-27844: Heap buffer overflow in OpenJPEG.\n - CVE-2021-21181: Side-channel information leakage in autofill.\n - CVE-2021-21182: Insufficient policy enforcement in navigations.\n - CVE-2021-21183: Inappropriate implementation in performance APIs.\n - CVE-2021-21184: Inappropriate implementation in performance APIs.\n - CVE-2021-21185: Insufficient policy enforcement in extensions.\n - CVE-2021-21186: Insufficient policy enforcement in QR scanning.\n - CVE-2021-21187: Insufficient data validation in URL formatting.\n - CVE-2021-21188: Use after free in Blink.\n - CVE-2021-21189: Insufficient policy enforcement in payments.\n - CVE-2021-21190: Uninitialized Use in PDFium.\n - CVE-2021-21149: Stack overflow in Data Transfer.\n - CVE-2021-21150: Use after free in Downloads.\n - CVE-2021-21151: Use after free in Payments.\n - CVE-2021-21152: Heap buffer overflow in Media.\n - CVE-2021-21153: Stack overflow in GPU Process.\n - CVE-2021-21154: Heap buffer overflow in Tab Strip.\n - CVE-2021-21155: Heap buffer overflow in Tab Strip.\n - CVE-2021-21156: Heap buffer overflow in V8.\n - CVE-2021-21157: Use after free in Web Sockets.\n - Fixed Sandbox with glibc 2.33 (boo#1182233)\n - Fixed an issue where chromium hangs on opening (boo#1182775).\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-392=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-03-08T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27844", "CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157", "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21164", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-21190"], "modified": "2021-03-08T00:00:00", "id": "OPENSUSE-SU-2021:0392-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/S66YPMC4VLRMKQGSTL3XFAVYDCVH7ADY/", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-11-10T08:10:29", "description": "An update that fixes 42 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Update to 89.0.4389.72 (boo#1182358, boo#1182960):\n\n - CVE-2021-21159: Heap buffer overflow in TabStrip.\n - CVE-2021-21160: Heap buffer overflow in WebAudio.\n - CVE-2021-21161: Heap buffer overflow in TabStrip.\n - CVE-2021-21162: Use after free in WebRTC.\n - CVE-2021-21163: Insufficient data validation in Reader Mode.\n - CVE-2021-21164: Insufficient data validation in Chrome for iOS.\n - CVE-2021-21165: Object lifecycle issue in audio.\n - CVE-2021-21166: Object lifecycle issue in audio.\n - CVE-2021-21167: Use after free in bookmarks.\n - CVE-2021-21168: Insufficient policy enforcement in appcache.\n - CVE-2021-21169: Out of bounds memory access in V8.\n - CVE-2021-21170: Incorrect security UI in Loader.\n - CVE-2021-21171: Incorrect security UI in TabStrip and Navigation.\n - CVE-2021-21172: Insufficient policy enforcement in File System API.\n - CVE-2021-21173: Side-channel information leakage in Network Internals.\n - CVE-2021-21174: Inappropriate implementation in Referrer.\n - CVE-2021-21175: Inappropriate implementation in Site isolation.\n - CVE-2021-21176: Inappropriate implementation in full screen mode.\n - CVE-2021-21177: Insufficient policy enforcement in Autofill.\n - CVE-2021-21178: Inappropriate implementation in Compositing.\n - CVE-2021-21179: Use after free in Network Internals.\n - CVE-2021-21180: Use after free in tab search.\n - CVE-2020-27844: Heap buffer overflow in OpenJPEG.\n - CVE-2021-21181: Side-channel information leakage in autofill.\n - CVE-2021-21182: Insufficient policy enforcement in navigations.\n - CVE-2021-21183: Inappropriate implementation in performance APIs.\n - CVE-2021-21184: Inappropriate implementation in performance APIs.\n - CVE-2021-21185: Insufficient policy enforcement in extensions.\n - CVE-2021-21186: Insufficient policy enforcement in QR scanning.\n - CVE-2021-21187: Insufficient data validation in URL formatting.\n - CVE-2021-21188: Use after free in Blink.\n - CVE-2021-21189: Insufficient policy enforcement in payments.\n - CVE-2021-21190: Uninitialized Use in PDFium.\n - CVE-2021-21149: Stack overflow in Data Transfer.\n - CVE-2021-21150: Use after free in Downloads.\n - CVE-2021-21151: Use after free in Payments.\n - CVE-2021-21152: Heap buffer overflow in Media.\n - CVE-2021-21153: Stack overflow in GPU Process.\n - CVE-2021-21154: Heap buffer overflow in Tab Strip.\n - CVE-2021-21155: Heap buffer overflow in Tab Strip.\n - CVE-2021-21156: Heap buffer overflow in V8.\n - CVE-2021-21157: Use after free in Web Sockets.\n - Fixed Sandbox with glibc 2.33 (boo#1182233)\n - Fixed an issue where chromium hangs on opening (boo#1182775).\n\n This update was imported from the openSUSE:Leap:15.2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP2:\n\n zypper in -t patch openSUSE-2021-401=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-03-10T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27844", "CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157", "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21164", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-21190"], "modified": "2021-03-10T00:00:00", "id": "OPENSUSE-SU-2021:0401-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F5HQTB6OX4JN5OFGWK6KZIS4UD7TGBXF/", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-11-10T08:10:29", "description": "An update that fixes 10 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n - Update to version 74.0.3911.203\n - CHR-8324 Update chromium on desktop-stable-88-3911 to\n 88.0.4324.182(boo#1182358)\n - DNA-90762 Replace \ufffd\ufffd\ufffdDon\ufffd\ufffd\ufffdt show again\ufffd\ufffd\ufffd with \ufffd\ufffd\ufffdDiscard\ufffd\ufffd\ufffd\n - DNA-90974 Crash at\n opera::PersistentRecentlyClosedWindows::GetEntryType(SessionID)\n - DNA-91289 [Search tabs] Wrong tab stays highlighted after removing\n another tab\n - DNA-91476 Invalid memory dereference PlayerServiceBrowsertest\n - DNA-91502 Change system name on opera://about page for MacOS\n - DNA-91740 Missing title in Extensions Toolbar Menu\n - The update to chromium 88.0.4324.182 fixes following issues:\n CVE-2021-21149, CVE-2021-21150, CVE-2021-21151, CVE-2021-21152,\n CVE-2021-21153, CVE-2021-21154, CVE-2021-21155, CVE-2021-21156,\n CVE-2021-21157\n - Update to version 74.0.3911.160\n - DNA-90409 Cleanup Javascript dialogs: app modal & tab modal\n - DNA-90720 [Search Tabs] Allow discarding recently closed items\n - DNA-90802 [Windows] Debug fails on linking\n - DNA-91130 heap-use-after-free in\n CashbackBackendServiceTest.AutoUpdateSchedule\n - DNA-91152 Allow reading agent variables in trigger conditions\n - DNA-91225 [Search tabs] The webpage doesn\ufffd\ufffd\ufffdt move from \ufffd\ufffd\ufffdOpen\n tabs\ufffd\ufffd\ufffd to \ufffd\ufffd\ufffdRecently closed\ufffd\ufffd\ufffd section\n - DNA-91243 Add Rich Hint support for the cashback badge and popup\n - DNA-91483 component_unittests are timing out\n - DNA-91516 Sidebar setup opens only with cashback enabled\n - DNA-91601 No text in 1st line of address bar dropdown suggestions\n - DNA-91603 Jumbo build problem on desktop-stable-88-3911\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:NonFree:\n\n zypper in -t patch openSUSE-2021-413=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-03-16T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157"], "modified": "2021-03-16T00:00:00", "id": "OPENSUSE-SU-2021:0413-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NFEMB66XHIEXP6VOOQ4JIXBD6U5X4EIA/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:40:30", "description": "An update that fixes 9 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n - Opera was updated to version 75.0.3969.171 (boo#1184256) CVE-2021-21194,\n CVE-2021-21195, CVE-2021-21196, CVE-2021-21197, CVE-2021-21198,\n CVE-2021-21199, CVE-2021-21191, CVE-2021-21192, CVE-2021-21193\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:NonFree:\n\n zypper in -t patch openSUSE-2021-592=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-22T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21191", "CVE-2021-21192", "CVE-2021-21193", "CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199"], "modified": "2021-04-22T00:00:00", "id": "OPENSUSE-SU-2021:0592-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7RDJ7VXQ4XSRZDWGET7L5VU52AB3SLWM/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:40:27", "description": "An update that fixes 7 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Update to version 76.0.4017.107\n\n - CHR-8413 Update chromium on desktop-stable-90-4017 to 90.0.4430.93\n - DNA-90168 Display SD suggestions titles\n - DNA-92693 \ufffd\ufffd\ufffdRe-attach tab\ufffd\ufffd\ufffd overlay is not resized with window\n - DNA-92926 [Mac][Cashback] \ufffd\ufffd\ufffdClose Tab\ufffd\ufffd\ufffd menu item not greyed out for\n Cashback corner\n - DNA-92934 Report crashes from opera://crashes and Tooltip to new\n Atlassian\n - DNA-92980 Enable tutorials flag on all streams\n - The update to chromium 90.0.4430.93 fixes following issues:\n CVE-2021-21227, CVE-2021-21232, CVE-2021-21233, CVE-2021-21228,\n CVE-2021-21229, CVE-2021-21230, CVE-2021-21231\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:NonFree:\n\n zypper in -t patch openSUSE-2021-729=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-15T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2021-05-15T00:00:00", "id": "OPENSUSE-SU-2021:0729-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FJBSCHMF25QDPD6LPM3ZPBBNJZQLF7VX/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-06T17:58:45", "description": "An update that fixes 7 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Update to version 76.0.4017.94\n\n - released on the stable branch\n\n Update to version 76.0.4017.88\n\n - CHR-8404 Update chromium on desktop-stable-90-4017 to 90.0.4430.85\n - DNA-92219 Add bookmark API supports to the front-end\n - DNA-92409 [MAC] \ufffd\ufffd\ufffdPresent now\ufffd\ufffd\ufffd options windows appear behind\n detached window\n - DNA-92615 Capture tab from the tab context menu\n - DNA-92616 Capture tab from Snapshot\n - DNA-92617 Capture tab from image context menu\n - DNA-92652 Opera 76 translations\n - DNA-92680 Make image selector on any page work like bookmarks popup WP2\n - DNA-92707 Crash at void base::ObserverList::AddObserver(class\n content::PrerenderHost::Observer*)\n - DNA-92710 Autoupdate on macOS 11.3 not working\n - DNA-92711 Make image selector on any page work like bookmarks popup WP3\n - DNA-92730 Make image selector on any page work like bookmarks popup WP4\n - DNA-92761 Make image selector on any page work like bookmarks popup WP5\n - DNA-92776 Make image selector on any page work like bookmarks popup WP6\n - DNA-92862 Make \ufffd\ufffd\ufffdView pinboards\ufffd\ufffd\ufffd button work\n - DNA-92906 Provide in-house translations for Cashback strings to Spanish\n - DNA-92908 API collides with oneclick installer\n - The update to chromium 90.0.4430.85 fixes following issues:\n - CVE-2021-21222, CVE-2021-21223, CVE-2021-21224, CVE-2021-21225,\n CVE-2021-21226\n\n - Complete Opera 76.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-76/\n\n Update to version 75.0.3969.218\n\n - CHR-8393 Update chromium on desktop-stable-89-3969 to 89.0.4389.128\n - DNA-92113 Windows debug fails to compile\n opera_components/ipfs/ipfs/ipfs_url_loader_throttle.obj\n - DNA-92198 [Arm] Update signing scripts\n - DNA-92200 [Arm] Create universal packages from two buildsets\n - DNA-92338 [Search tabs] The preview isn\ufffd\ufffd\ufffdt updated when the tab from\n another window is closed\n - DNA-92410 [Download popup] Selected item still looks bad in dark mode\n - DNA-92441 Compilation error\n - DNA-92514 Allow to generate universal DMG package from existing\n universal .tar.xz\n - DNA-92608 Opera 75 crash during rapid workspace switching\n - DNA-92627 Crash at automation::Error::code()\n - DNA-92630 Crash at\n opera::PremiumExtensionPersistentPrefStorageImpl::IsPremiumExtensionFeature\n Enabled()\n - DNA-92648 Amazon icon disappears from Sidebar Extensions section after\n pressing Hide Amazon button\n - DNA-92681 Add missing string in Japanese\n - DNA-92684 Fix issues with signing multiple bsids\n - DNA-92706 Update repack generation from universal packages\n - DNA-92725 Enable IPFS for all channels\n\n - The update to chromium 89.0.4389.128 fixes following issues:\n CVE-2021-21206, CVE-2021-21220\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:NonFree:\n\n zypper in -t patch openSUSE-2021-712=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-05-11T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2021-05-11T00:00:00", "id": "OPENSUSE-SU-2021:0712-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UVVTKODULIJ72SWD273BSN4VWATWGOOD/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-10T08:10:26", "description": "An update that fixes 6 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Update to 89.0.4389.114 boo#1184256\n\n - CVE-2021-21194: Use after free in screen capture\n - CVE-2021-21195: Use after free in V8\n - CVE-2021-21196: Heap buffer overflow in TabStrip\n - CVE-2021-21197: Heap buffer overflow in TabStrip\n - CVE-2021-21198: Out of bounds read in IPC\n - CVE-2021-21199: Use Use after free in Aura\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-513=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-06T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199"], "modified": "2021-04-06T00:00:00", "id": "OPENSUSE-SU-2021:0513-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MB2VUPDDX4YJQ53XSCKQEHEHQMCW2MOQ/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:40:30", "description": "An update that fixes 6 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Update to 89.0.4389.114 boo#1184256\n\n - CVE-2021-21194: Use after free in screen capture\n - CVE-2021-21195: Use after free in V8\n - CVE-2021-21196: Heap buffer overflow in TabStrip\n - CVE-2021-21197: Heap buffer overflow in TabStrip\n - CVE-2021-21198: Out of bounds read in IPC\n - CVE-2021-21199: Use Use after free in Aura\n\n This update was imported from the openSUSE:Leap:15.2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP2:\n\n zypper in -t patch openSUSE-2021-515=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-07T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199"], "modified": "2021-04-07T00:00:00", "id": "OPENSUSE-SU-2021:0515-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/REVRJBO5263D3WBYK2JYYJCS6EALUV7Q/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:40:37", "description": "An update that fixes 6 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n - Update to 88.0.4324.146 boo#1181772\n - CVE-2021-21142: Use after free in Payments\n - CVE-2021-21143: Heap buffer overflow in Extensions\n - CVE-2021-21144: Heap buffer overflow in Tab Groups.\n - CVE-2021-21145: Use after free in Fonts\n - CVE-2021-21146: Use after free in Navigation.\n - CVE-2021-21147: Inappropriate implementation in Skia\n\n This update was imported from the openSUSE:Leap:15.2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP2:\n\n zypper in -t patch openSUSE-2021-268=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-02-10T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147"], "modified": "2021-02-10T00:00:00", "id": "OPENSUSE-SU-2021:0268-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DM5J73PFE6RAAP7ZYV2S2F6NISQVSMLP/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:40:37", "description": "An update that fixes 6 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n - Update to 88.0.4324.146 boo#1181772\n - CVE-2021-21142: Use after free in Payments\n - CVE-2021-21143: Heap buffer overflow in Extensions\n - CVE-2021-21144: Heap buffer overflow in Tab Groups.\n - CVE-2021-21145: Use after free in Fonts\n - CVE-2021-21146: Use after free in Navigation.\n - CVE-2021-21147: Inappropriate implementation in Skia\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-259=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-02-07T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147"], "modified": "2021-02-07T00:00:00", "id": "OPENSUSE-SU-2021:0259-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XCYZBSKAQDG7SYKEXASEZQODBJQKCMUZ/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:40:33", "description": "An update that fixes three vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n - Chromium was updated to 89.0.4389.90 (boo#1183515)\n - CVE-2021-21191: Use after free in WebRTC.\n - CVE-2021-21192: Heap buffer overflow in tab groups.\n - CVE-2021-21193: Use after free in Blink.\n\n This update was imported from the openSUSE:Leap:15.2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP2:\n\n zypper in -t patch openSUSE-2021-446=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-19T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21191", "CVE-2021-21192", "CVE-2021-21193"], "modified": "2021-03-19T00:00:00", "id": "OPENSUSE-SU-2021:0446-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YWKF4CBSQUAW5TXSAKSJ2IWL4TE2FP6H/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-08T06:10:38", "description": "An update that fixes three vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n - Chromium was updated to 89.0.4389.90 (boo#1183515)\n - CVE-2021-21191: Use after free in WebRTC.\n - CVE-2021-21192: Heap buffer overflow in tab groups.\n - CVE-2021-21193: Use after free in Blink.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-436=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-17T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21191", "CVE-2021-21192", "CVE-2021-21193"], "modified": "2021-03-17T00:00:00", "id": "OPENSUSE-SU-2021:0436-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KJEA6IOQ2CJDQ5EOOYOTAMEHN6772YOW/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:40:30", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n - Chromium 89.0.4389.128 (boo#1184700):\n * CVE-2021-21206: Use after free in blink\n * CVE-2021-21220: Insufficient validation of untrusted input in v8 for\n x86_64\n\n This update was imported from the openSUSE:Leap:15.2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP2:\n\n zypper in -t patch openSUSE-2021-575=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-19T00:00:00", "type": "suse", "title": "Security update for chromium (critical)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21206", "CVE-2021-21220"], "modified": "2021-04-19T00:00:00", "id": "OPENSUSE-SU-2021:0575-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7IO7QUUW232VPDW2BITKAFAZ63OJKMQB/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:40:30", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n - Chromium 89.0.4389.128 (boo#1184700):\n * CVE-2021-21206: Use after free in blink\n * CVE-2021-21220: Insufficient validation of untrusted input in v8 for\n x86_64\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-567=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-17T00:00:00", "type": "suse", "title": "Security update for chromium (critical)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21206", "CVE-2021-21220"], "modified": "2021-04-17T00:00:00", "id": "OPENSUSE-SU-2021:0567-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5J4EIEBQDVS2O3BUI7IGNQ45JQRY7IQ5/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-06T17:58:39", "description": "An update that fixes 29 vulnerabilities is now available.\n\nDescription:\n\n This update for libqt5-qtwebengine fixes the following issues:\n\n Update to version 5.15.3\n\n CVE fixes backported in chromium updates:\n\n - CVE-2020-16044: Use after free in WebRTC\n - CVE-2021-21118: Heap buffer overflow in Blink\n - CVE-2021-21119: Use after free in Media\n - CVE-2021-21120: Use after free in WebSQL\n - CVE-2021-21121: Use after free in Omnibox\n - CVE-2021-21122: Use after free in Blink\n - CVE-2021-21123: Insufficient data validation in File System API\n - CVE-2021-21125: Insufficient policy enforcement in File System API\n - CVE-2021-21126: Insufficient policy enforcement in extensions\n - CVE-2021-21127: Insufficient policy enforcement in extensions\n - CVE-2021-21128: Heap buffer overflow in Blink\n - CVE-2021-21129: Insufficient policy enforcement in File System API\n - CVE-2021-21130: Insufficient policy enforcement in File System API\n - CVE-2021-21131: Insufficient policy enforcement in File System API\n - CVE-2021-21132: Inappropriate implementation in DevTools\n - CVE-2021-21135: Inappropriate implementation in Performance API\n - CVE-2021-21137: Inappropriate implementation in DevTools\n - CVE-2021-21140: Uninitialized Use in USB\n - CVE-2021-21141: Insufficient policy enforcement in File System API\n - CVE-2021-21145: Use after free in Fonts\n - CVE-2021-21146: Use after free in Navigation\n - CVE-2021-21147: Inappropriate implementation in Skia\n - CVE-2021-21148: Heap buffer overflow in V8\n - CVE-2021-21149: Stack overflow in Data Transfer\n - CVE-2021-21150: Use after free in Downloads\n - CVE-2021-21152: Heap buffer overflow in Media\n - CVE-2021-21153: Stack overflow in GPU Process\n - CVE-2021-21156: Heap buffer overflow in V8\n - CVE-2021-21157: Use after free in Web Sockets\n\n This update was imported from the openSUSE:Leap:15.2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP2:\n\n zypper in -t patch openSUSE-2021-1016=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-07-09T00:00:00", "type": "suse", "title": "Security update for libqt5-qtwebengine (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16044", "CVE-2021-21118", "CVE-2021-21119", "CVE-2021-21120", "CVE-2021-21121", "CVE-2021-21122", "CVE-2021-21123", "CVE-2021-21125", "CVE-2021-21126", "CVE-2021-21127", "CVE-2021-21128", "CVE-2021-21129", "CVE-2021-21130", "CVE-2021-21131", "CVE-2021-21132", "CVE-2021-21135", "CVE-2021-21137", "CVE-2021-21140", "CVE-2021-21141", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21148", "CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21156", "CVE-2021-21157"], "modified": "2021-07-09T00:00:00", "id": "OPENSUSE-SU-2021:1016-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FA7FANKJNI72BRIWJCZ3TLBXXZJS7GLL/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-10T04:09:11", "description": "An update that fixes 29 vulnerabilities is now available.\n\nDescription:\n\n This update for libqt5-qtwebengine fixes the following issues:\n\n Update to version 5.15.3\n\n CVE fixes backported in chromium updates:\n\n - CVE-2020-16044: Use after free in WebRTC\n - CVE-2021-21118: Heap buffer overflow in Blink\n - CVE-2021-21119: Use after free in Media\n - CVE-2021-21120: Use after free in WebSQL\n - CVE-2021-21121: Use after free in Omnibox\n - CVE-2021-21122: Use after free in Blink\n - CVE-2021-21123: Insufficient data validation in File System API\n - CVE-2021-21125: Insufficient policy enforcement in File System API\n - CVE-2021-21126: Insufficient policy enforcement in extensions\n - CVE-2021-21127: Insufficient policy enforcement in extensions\n - CVE-2021-21128: Heap buffer overflow in Blink\n - CVE-2021-21129: Insufficient policy enforcement in File System API\n - CVE-2021-21130: Insufficient policy enforcement in File System API\n - CVE-2021-21131: Insufficient policy enforcement in File System API\n - CVE-2021-21132: Inappropriate implementation in DevTools\n - CVE-2021-21135: Inappropriate implementation in Performance API\n - CVE-2021-21137: Inappropriate implementation in DevTools\n - CVE-2021-21140: Uninitialized Use in USB\n - CVE-2021-21141: Insufficient policy enforcement in File System API\n - CVE-2021-21145: Use after free in Fonts\n - CVE-2021-21146: Use after free in Navigation\n - CVE-2021-21147: Inappropriate implementation in Skia\n - CVE-2021-21148: Heap buffer overflow in V8\n - CVE-2021-21149: Stack overflow in Data Transfer\n - CVE-2021-21150: Use after free in Downloads\n - CVE-2021-21152: Heap buffer overflow in Media\n - CVE-2021-21153: Stack overflow in GPU Process\n - CVE-2021-21156: Heap buffer overflow in V8\n - CVE-2021-21157: Use after free in Web Sockets\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-973=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-07-06T00:00:00", "type": "suse", "title": "Security update for libqt5-qtwebengine (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16044", "CVE-2021-21118", "CVE-2021-21119", "CVE-2021-21120", "CVE-2021-21121", "CVE-2021-21122", "CVE-2021-21123", "CVE-2021-21125", "CVE-2021-21126", "CVE-2021-21127", "CVE-2021-21128", "CVE-2021-21129", "CVE-2021-21130", "CVE-2021-21131", "CVE-2021-21132", "CVE-2021-21135", "CVE-2021-21137", "CVE-2021-21140", "CVE-2021-21141", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21148", "CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21156", "CVE-2021-21157"], "modified": "2021-07-06T00:00:00", "id": "OPENSUSE-SU-2021:0973-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5TAIJROLXEDDASYPE5FNK2OGKN4IAJT5/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-21T17:39:47", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4886-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nApril 06, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2021-21159 CVE-2021-21160 CVE-2021-21161 CVE-2021-21162\n CVE-2021-21163 CVE-2021-21165 CVE-2021-21166 CVE-2021-21167\n CVE-2021-21168 CVE-2021-21169 CVE-2021-21170 CVE-2021-21171\n CVE-2021-21172 CVE-2021-21173 CVE-2021-21174 CVE-2021-21175\n CVE-2021-21176 CVE-2021-21177 CVE-2021-21178 CVE-2021-21179\n CVE-2021-21180 CVE-2021-21181 CVE-2021-21182 CVE-2021-21183\n CVE-2021-21184 CVE-2021-21185 CVE-2021-21186 CVE-2021-21187\n CVE-2021-21188 CVE-2021-21189 CVE-2021-21190 CVE-2021-21191\n CVE-2021-21192 CVE-2021-21193 CVE-2021-21194 CVE-2021-21195\n CVE-2021-21196 CVE-2021-21197 CVE-2021-21198 CVE-2021-21199\n\nSeveral vulnerabilites have been discovered in the chromium web browser.\n\nCVE-2021-21159\n\n Khalil Zhani disocvered a buffer overflow issue in the tab implementation.\n\nCVE-2021-21160\n\n Marcin Noga discovered a buffer overflow issue in WebAudio.\n\nCVE-2021-21161\n\n Khalil Zhani disocvered a buffer overflow issue in the tab implementation.\n\nCVE-2021-21162\n\n A use-after-free issue was discovered in the WebRTC implementation.\n\nCVE-2021-21163\n\n Alison Huffman discovered a data validation issue.\n\nCVE-2021-21165\n\n Alison Huffman discovered an error in the audio implementation.\n\nCVE-2021-21166\n\n Alison Huffman discovered an error in the audio implementation.\n\nCVE-2021-21167\n\n Leecraso and Guang Gong discovered a use-after-free issue in the bookmarks\n implementation.\n\nCVE-2021-21168\n\n Luan Herrera discovered a policy enforcement error in the appcache.\n\nCVE-2021-21169\n\n Bohan Liu and Moon Liang discovered an out-of-bounds access issue in the\n v8 javascript library.\n\nCVE-2021-21170\n\n David Erceg discovered a user interface error.\n\nCVE-2021-21171\n\n Irvan Kurniawan discovered a user interface error.\n\nCVE-2021-21172\n\n Maciej Pulikowski discovered a policy enforcement error in the File\n System API.\n\nCVE-2021-21173\n\n Tom Van Goethem discovered a network based information leak.\n\nCVE-2021-21174\n\n Ashish Guatam Kambled discovered an implementation error in the Referrer\n policy.\n\nCVE-2021-21175\n\n Jun Kokatsu discovered an implementation error in the Site Isolation\n feature.\n\nCVE-2021-21176\n\n Luan Herrera discovered an implementation error in the full screen mode.\n\nCVE-2021-21177\n\n Abdulrahman Alqabandi discovered a policy enforcement error in the\n Autofill feature.\n\nCVE-2021-21178\n\n Japong discovered an error in the Compositor implementation.\n\nCVE-2021-21179\n\n A use-after-free issue was discovered in the networking implementation.\n\nCVE-2021-21180\n\n Abdulrahman Alqabandi discovered a use-after-free issue in the tab search\n feature.\n\nCVE-2021-21181\n\n Xu Lin, Panagiotis Ilias, and Jason Polakis discovered a side-channel\n information leak in the Autofill feature.\n\nCVE-2021-21182\n\n Luan Herrera discovered a policy enforcement error in the site navigation\n implementation.\n\nCVE-2021-21183\n\n Takashi Yoneuchi discovered an implementation error in the Performance API.\n\nCVE-2021-21184\n\n James Hartig discovered an implementation error in the Performance API.\n\nCVE-2021-21185\n\n David Erceg discovered a policy enforcement error in Extensions.\n\nCVE-2021-21186\n\n dhirajkumarnifty discovered a policy enforcement error in the QR scan\n implementation.\n\nCVE-2021-21187\n\n Kirtikumar Anandrao Ramchandani discovered a data validation error in\n URL formatting.\n\nCVE-2021-21188\n\n Woojin Oh discovered a use-after-free issue in Blink/Webkit.\n\nCVE-2021-21189\n\n Khalil Zhani discovered a policy enforcement error in the Payments\n implementation.\n\nCVE-2021-21190\n\n Zhou Aiting discovered use of uninitialized memory in the pdfium library.\n\nCVE-2021-21191\n\n raven discovered a use-after-free issue in the WebRTC implementation.\n\nCVE-2021-21192\n\n Abdulrahman Alqabandi discovered a buffer overflow issue in the tab\n implementation.\n\nCVE-2021-21193\n\n A use-after-free issue was discovered in Blink/Webkit.\n\nCVE-2021-21194\n\n Leecraso and Guang Gong discovered a use-after-free issue in the screen\n capture feature.\n\nCVE-2021-21195\n\n Liu and Liang discovered a use-after-free issue in the v8 javascript\n library.\n\nCVE-2021-21196\n\n Khalil Zhani discovered a buffer overflow issue in the tab implementation.\n\nCVE-2021-21197\n\n Abdulrahman Alqabandi discovered a buffer overflow issue in the tab\n implementation.\n\nCVE-2021-21198\n\n Mark Brand discovered an out-of-bounds read issue in the Inter-Process\n Communication implementation.\n\nCVE-2021-21199\n\n Weipeng Jiang discovered a use-after-free issue in the Aura window and\n event manager.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 89.0.4389.114-1~deb10u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-04-06T13:38:49", "type": "debian", "title": "[SECURITY] [DSA 4886-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-21190", "CVE-2021-21191", "CVE-2021-21192", "CVE-2021-21193", "CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199"], "modified": "2021-04-06T13:38:49", "id": "DEBIAN:DSA-4886-1:8DF2D", "href": "https://lists.debian.org/debian-security-announce/2021/msg00067.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-29T22:22:24", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4886-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nApril 06, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2021-21159 CVE-2021-21160 CVE-2021-21161 CVE-2021-21162\n CVE-2021-21163 CVE-2021-21165 CVE-2021-21166 CVE-2021-21167\n CVE-2021-21168 CVE-2021-21169 CVE-2021-21170 CVE-2021-21171\n CVE-2021-21172 CVE-2021-21173 CVE-2021-21174 CVE-2021-21175\n CVE-2021-21176 CVE-2021-21177 CVE-2021-21178 CVE-2021-21179\n CVE-2021-21180 CVE-2021-21181 CVE-2021-21182 CVE-2021-21183\n CVE-2021-21184 CVE-2021-21185 CVE-2021-21186 CVE-2021-21187\n CVE-2021-21188 CVE-2021-21189 CVE-2021-21190 CVE-2021-21191\n CVE-2021-21192 CVE-2021-21193 CVE-2021-21194 CVE-2021-21195\n CVE-2021-21196 CVE-2021-21197 CVE-2021-21198 CVE-2021-21199\n\nSeveral vulnerabilites have been discovered in the chromium web browser.\n\nCVE-2021-21159\n\n Khalil Zhani disocvered a buffer overflow issue in the tab implementation.\n\nCVE-2021-21160\n\n Marcin Noga discovered a buffer overflow issue in WebAudio.\n\nCVE-2021-21161\n\n Khalil Zhani disocvered a buffer overflow issue in the tab implementation.\n\nCVE-2021-21162\n\n A use-after-free issue was discovered in the WebRTC implementation.\n\nCVE-2021-21163\n\n Alison Huffman discovered a data validation issue.\n\nCVE-2021-21165\n\n Alison Huffman discovered an error in the audio implementation.\n\nCVE-2021-21166\n\n Alison Huffman discovered an error in the audio implementation.\n\nCVE-2021-21167\n\n Leecraso and Guang Gong discovered a use-after-free issue in the bookmarks\n implementation.\n\nCVE-2021-21168\n\n Luan Herrera discovered a policy enforcement error in the appcache.\n\nCVE-2021-21169\n\n Bohan Liu and Moon Liang discovered an out-of-bounds access issue in the\n v8 javascript library.\n\nCVE-2021-21170\n\n David Erceg discovered a user interface error.\n\nCVE-2021-21171\n\n Irvan Kurniawan discovered a user interface error.\n\nCVE-2021-21172\n\n Maciej Pulikowski discovered a policy enforcement error in the File\n System API.\n\nCVE-2021-21173\n\n Tom Van Goethem discovered a network based information leak.\n\nCVE-2021-21174\n\n Ashish Guatam Kambled discovered an implementation error in the Referrer\n policy.\n\nCVE-2021-21175\n\n Jun Kokatsu discovered an implementation error in the Site Isolation\n feature.\n\nCVE-2021-21176\n\n Luan Herrera discovered an implementation error in the full screen mode.\n\nCVE-2021-21177\n\n Abdulrahman Alqabandi discovered a policy enforcement error in the\n Autofill feature.\n\nCVE-2021-21178\n\n Japong discovered an error in the Compositor implementation.\n\nCVE-2021-21179\n\n A use-after-free issue was discovered in the networking implementation.\n\nCVE-2021-21180\n\n Abdulrahman Alqabandi discovered a use-after-free issue in the tab search\n feature.\n\nCVE-2021-21181\n\n Xu Lin, Panagiotis Ilias, and Jason Polakis discovered a side-channel\n information leak in the Autofill feature.\n\nCVE-2021-21182\n\n Luan Herrera discovered a policy enforcement error in the site navigation\n implementation.\n\nCVE-2021-21183\n\n Takashi Yoneuchi discovered an implementation error in the Performance API.\n\nCVE-2021-21184\n\n James Hartig discovered an implementation error in the Performance API.\n\nCVE-2021-21185\n\n David Erceg discovered a policy enforcement error in Extensions.\n\nCVE-2021-21186\n\n dhirajkumarnifty discovered a policy enforcement error in the QR scan\n implementation.\n\nCVE-2021-21187\n\n Kirtikumar Anandrao Ramchandani discovered a data validation error in\n URL formatting.\n\nCVE-2021-21188\n\n Woojin Oh discovered a use-after-free issue in Blink/Webkit.\n\nCVE-2021-21189\n\n Khalil Zhani discovered a policy enforcement error in the Payments\n implementation.\n\nCVE-2021-21190\n\n Zhou Aiting discovered use of uninitialized memory in the pdfium library.\n\nCVE-2021-21191\n\n raven discovered a use-after-free issue in the WebRTC implementation.\n\nCVE-2021-21192\n\n Abdulrahman Alqabandi discovered a buffer overflow issue in the tab\n implementation.\n\nCVE-2021-21193\n\n A use-after-free issue was discovered in Blink/Webkit.\n\nCVE-2021-21194\n\n Leecraso and Guang Gong discovered a use-after-free issue in the screen\n capture feature.\n\nCVE-2021-21195\n\n Liu and Liang discovered a use-after-free issue in the v8 javascript\n library.\n\nCVE-2021-21196\n\n Khalil Zhani discovered a buffer overflow issue in the tab implementation.\n\nCVE-2021-21197\n\n Abdulrahman Alqabandi discovered a buffer overflow issue in the tab\n implementation.\n\nCVE-2021-21198\n\n Mark Brand discovered an out-of-bounds read issue in the Inter-Process\n Communication implementation.\n\nCVE-2021-21199\n\n Weipeng Jiang discovered a use-after-free issue in the Aura window and\n event manager.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 89.0.4389.114-1~deb10u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-04-06T13:38:49", "type": "debian", "title": "[SECURITY] [DSA 4886-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-21190", "CVE-2021-21191", "CVE-2021-21192", "CVE-2021-21193", "CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199"], "modified": "2021-04-06T13:38:49", "id": "DEBIAN:DSA-4886-1:0EF07", "href": "https://lists.debian.org/debian-security-announce/2021/msg00067.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-03T14:52:36", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4906-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nApril 27, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2021-21201 CVE-2021-21202 CVE-2021-21203 CVE-2021-21204\n CVE-2021-21205 CVE-2021-21207 CVE-2021-21208 CVE-2021-21209\n CVE-2021-21210 CVE-2021-21211 CVE-2021-21212 CVE-2021-21213\n CVE-2021-21214 CVE-2021-21215 CVE-2021-21216 CVE-2021-21217\n CVE-2021-21218 CVE-2021-21219 CVE-2021-21221 CVE-2021-21222\n CVE-2021-21223 CVE-2021-21224 CVE-2021-21225 CVE-2021-21226\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2021-21201\n\n Gengming Liu and Jianyu Chen discovered a use-after-free issue.\n\nCVE-2021-21202\n\n David Erceg discovered a use-after-free issue in extensions.\n\nCVE-2021-21203\n\n asnine discovered a use-after-free issue in Blink/Webkit.\n\nCVE-2021-21204\n\n Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander discovered a\n use-after-free issue in Blink/Webkit.\n\nCVE-2021-21205\n\n Alison Huffman discovered a policy enforcement error.\n\nCVE-2021-21207\n\n koocola and Nan Wang discovered a use-after-free in the indexed database.\n\nCVE-2021-21208\n\n Ahmed Elsobky discovered a data validation error in the QR code scanner.\n\nCVE-2021-21209\n\n Tom Van Goethem discovered an implementation error in the Storage API.\n\nCVE-2021-21210\n\n @bananabr discovered an error in the networking implementation.\n\nCVE-2021-21211\n\n Akash Labade discovered an error in the navigation implementation.\n\nCVE-2021-21212\n\n Hugo Hue and Sze Yui Chau discovered an error in the network configuration\n user interface.\n\nCVE-2021-21213\n\n raven discovered a use-after-free issue in the WebMIDI implementation.\n\nCVE-2021-21214\n\n A use-after-free issue was discovered in the networking implementation.\n\nCVE-2021-21215\n\n Abdulrahman Alqabandi discovered an error in the Autofill feature.\n\nCVE-2021-21216\n\n Abdulrahman Alqabandi discovered an error in the Autofill feature.\n\nCVE-2021-21217\n\n Zhou Aiting discovered use of uninitialized memory in the pdfium library.\n\nCVE-2021-21218\n\n Zhou Aiting discovered use of uninitialized memory in the pdfium library.\n\nCVE-2021-21219\n\n Zhou Aiting discovered use of uninitialized memory in the pdfium library.\n\nCVE-2021-21221\n\n Guang Gong discovered insufficient validation of untrusted input.\n\nCVE-2021-21222\n\n Guang Gong discovered a buffer overflow issue in the v8 javascript\n library.\n\nCVE-2021-21223\n\n Guang Gong discovered an integer overflow issue.\n\nCVE-2021-21224\n\n Jose Martinez discovered a type error in the v8 javascript library.\n\nCVE-2021-21225\n\n Brendon Tiszka discovered an out-of-bounds memory access issue in the v8\n javascript library.\n\nCVE-2021-21226\n\n Brendon Tiszka discovered a use-after-free issue in the networking\n implementation.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 90.0.4430.85-1~deb10u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-28T01:49:06", "type": "debian", "title": "[SECURITY] [DSA 4906-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2021-04-28T01:49:06", "id": "DEBIAN:DSA-4906-1:4BE22", "href": "https://lists.debian.org/debian-security-announce/2021/msg00087.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T17:58:19", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4858-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nFebruary 19, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2021-21148 CVE-2021-21149 CVE-2021-21150 CVE-2021-21151\n CVE-2021-21152 CVE-2021-21153 CVE-2021-21154 CVE-2021-21155\n CVE-2021-21156 CVE-2021-21157\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2021-21148\n\n Mattias Buelens discovered a buffer overflow issue in the v8 javascript\n library.\n\nCVE-2021-21149\n\n Ryoya Tsukasaki discovered a stack overflow issue in the Data Transfer\n implementation.\n\nCVE-2021-21150\n\n Woojin Oh discovered a use-after-free issue in the file downloader.\n\nCVE-2021-21151\n\n Khalil Zhani discovered a use-after-free issue in the payments system.\n\nCVE-2021-21152\n\n A buffer overflow was discovered in media handling.\n\nCVE-2021-21153\n\n Jan Ruge discovered a stack overflow issue in the GPU process.\n\nCVE-2021-21154\n\n Abdulrahman Alqabandi discovered a buffer overflow issue in the Tab Strip\n implementation.\n\nCVE-2021-21155\n\n Khalil Zhani discovered a buffer overflow issue in the Tab Strip\n implementation.\n\nCVE-2021-21156\n\n Sergei Glazunov discovered a buffer overflow issue in the v8 javascript\n library.\n\nCVE-2021-21157\n\n A use-after-free issue was discovered in the Web Sockets implementation.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 88.0.4324.182-1~deb10u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-02-20T02:29:52", "type": "debian", "title": "[SECURITY] [DSA 4858-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157"], "modified": "2021-02-20T02:29:52", "id": "DEBIAN:DSA-4858-1:7131E", "href": "https://lists.debian.org/debian-security-announce/2021/msg00039.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-03T14:31:42", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4911-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nMay 03, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2021-21227 CVE-2021-21228 CVE-2021-21229 CVE-2021-21230\n CVE-2021-21231 CVE-2021-21232 CVE-2021-21233\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2021-21227\n\n Gengming Liu discovered a data validation issue in the v8 javascript\n library.\n\nCVE-2021-21228\n\n Rob Wu discovered a policy enforcement error.\n\nCVE-2021-21229\n\n Mohit Raj discovered a user interface error in the file downloader.\n\nCVE-2021-21230\n\n Manfred Paul discovered use of an incorrect type.\n\nCVE-2021-21231\n\n Sergei Glazunov discovered a data validation issue in the v8 javascript\n library.\n\nCVE-2021-21232\n\n Abdulrahman Alqabandi discovered a use-after-free issue in the developer\n tools.\n\nCVE-2021-21233\n\n Omair discovered a buffer overflow issue in the ANGLE library.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 90.0.4430.93-1~deb10u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-04T03:09:56", "type": "debian", "title": "[SECURITY] [DSA 4911-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2021-05-04T03:09:56", "id": "DEBIAN:DSA-4911-1:18E30", "href": "https://lists.debian.org/debian-security-announce/2021/msg00092.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:19:54", "description": "\nSeveral vulnerabilites have been discovered in the chromium web browser.\n\n\n* [CVE-2021-21159](https://security-tracker.debian.org/tracker/CVE-2021-21159)\nKhalil Zhani discovered a buffer overflow issue in the tab implementation.\n* [CVE-2021-21160](https://security-tracker.debian.org/tracker/CVE-2021-21160)\nMarcin Noga discovered a buffer overflow issue in WebAudio.\n* [CVE-2021-21161](https://security-tracker.debian.org/tracker/CVE-2021-21161)\nKhalil Zhani discovered a buffer overflow issue in the tab implementation.\n* [CVE-2021-21162](https://security-tracker.debian.org/tracker/CVE-2021-21162)\nA use-after-free issue was discovered in the WebRTC implementation.\n* [CVE-2021-21163](https://security-tracker.debian.org/tracker/CVE-2021-21163)\nAlison Huffman discovered a data validation issue.\n* [CVE-2021-21165](https://security-tracker.debian.org/tracker/CVE-2021-21165)\nAlison Huffman discovered an error in the audio implementation.\n* [CVE-2021-21166](https://security-tracker.debian.org/tracker/CVE-2021-21166)\nAlison Huffman discovered an error in the audio implementation.\n* [CVE-2021-21167](https://security-tracker.debian.org/tracker/CVE-2021-21167)\nLeecraso and Guang Gong discovered a use-after-free issue in the bookmarks\n implementation.\n* [CVE-2021-21168](https://security-tracker.debian.org/tracker/CVE-2021-21168)\nLuan Herrera discovered a policy enforcement error in the appcache.\n* [CVE-2021-21169](https://security-tracker.debian.org/tracker/CVE-2021-21169)\nBohan Liu and Moon Liang discovered an out-of-bounds access issue in the\n v8 javascript library.\n* [CVE-2021-21170](https://security-tracker.debian.org/tracker/CVE-2021-21170)\nDavid Erceg discovered a user interface error.\n* [CVE-2021-21171](https://security-tracker.debian.org/tracker/CVE-2021-21171)\nIrvan Kurniawan discovered a user interface error.\n* [CVE-2021-21172](https://security-tracker.debian.org/tracker/CVE-2021-21172)\nMaciej Pulikowski discovered a policy enforcement error in the File\n System API.\n* [CVE-2021-21173](https://security-tracker.debian.org/tracker/CVE-2021-21173)\nTom Van Goethem discovered a network based information leak.\n* [CVE-2021-21174](https://security-tracker.debian.org/tracker/CVE-2021-21174)\nAshish Guatam Kambled discovered an implementation error in the Referrer\n policy.\n* [CVE-2021-21175](https://security-tracker.debian.org/tracker/CVE-2021-21175)\nJun Kokatsu discovered an implementation error in the Site Isolation\n feature.\n* [CVE-2021-21176](https://security-tracker.debian.org/tracker/CVE-2021-21176)\nLuan Herrera discovered an implementation error in the full screen mode.\n* [CVE-2021-21177](https://security-tracker.debian.org/tracker/CVE-2021-21177)\nAbdulrahman Alqabandi discovered a policy enforcement error in the\n Autofill feature.\n* [CVE-2021-21178](https://security-tracker.debian.org/tracker/CVE-2021-21178)\nJapong discovered an error in the Compositor implementation.\n* [CVE-2021-21179](https://security-tracker.debian.org/tracker/CVE-2021-21179)\nA use-after-free issue was discovered in the networking implementation.\n* [CVE-2021-21180](https://security-tracker.debian.org/tracker/CVE-2021-21180)\nAbdulrahman Alqabandi discovered a use-after-free issue in the tab search\n feature.\n* [CVE-2021-21181](https://security-tracker.debian.org/tracker/CVE-2021-21181)\nXu Lin, Panagiotis Ilias, and Jason Polakis discovered a side-channel\n information leak in the Autofill feature.\n* [CVE-2021-21182](https://security-tracker.debian.org/tracker/CVE-2021-21182)\nLuan Herrera discovered a policy enforcement error in the site navigation\n implementation.\n* [CVE-2021-21183](https://security-tracker.debian.org/tracker/CVE-2021-21183)\nTakashi Yoneuchi discovered an implementation error in the Performance API.\n* [CVE-2021-21184](https://security-tracker.debian.org/tracker/CVE-2021-21184)\nJames Hartig discovered an implementation error in the Performance API.\n* [CVE-2021-21185](https://security-tracker.debian.org/tracker/CVE-2021-21185)\nDavid Erceg discovered a policy enforcement error in Extensions.\n* [CVE-2021-21186](https://security-tracker.debian.org/tracker/CVE-2021-21186)\ndhirajkumarnifty discovered a policy enforcement error in the QR scan\n implementation.\n* [CVE-2021-21187](https://security-tracker.debian.org/tracker/CVE-2021-21187)\nKirtikumar Anandrao Ramchandani discovered a data validation error in\n URL formatting.\n* [CVE-2021-21188](https://security-tracker.debian.org/tracker/CVE-2021-21188)\nWoojin Oh discovered a use-after-free issue in Blink/Webkit.\n* [CVE-2021-21189](https://security-tracker.debian.org/tracker/CVE-2021-21189)\nKhalil Zhani discovered a policy enforcement error in the Payments\n implementation.\n* [CVE-2021-21190](https://security-tracker.debian.org/tracker/CVE-2021-21190)\nZhou Aiting discovered use of uninitialized memory in the pdfium library.\n* [CVE-2021-21191](https://security-tracker.debian.org/tracker/CVE-2021-21191)\nraven discovered a use-after-free issue in the WebRTC implementation.\n* [CVE-2021-21192](https://security-tracker.debian.org/tracker/CVE-2021-21192)\nAbdulrahman Alqabandi discovered a buffer overflow issue in the tab\n implementation.\n* [CVE-2021-21193](https://security-tracker.debian.org/tracker/CVE-2021-21193)\nA use-after-free issue was discovered in Blink/Webkit.\n* [CVE-2021-21194](https://security-tracker.debian.org/tracker/CVE-2021-21194)\nLeecraso and Guang Gong discovered a use-after-free issue in the screen\n capture feature.\n* [CVE-2021-21195](https://security-tracker.debian.org/tracker/CVE-2021-21195)\nLiu and Liang discovered a use-after-free issue in the v8 javascript\n library.\n* [CVE-2021-21196](https://security-tracker.debian.org/tracker/CVE-2021-21196)\nKhalil Zhani discovered a buffer overflow issue in the tab implementation.\n* [CVE-2021-21197](https://security-tracker.debian.org/tracker/CVE-2021-21197)\nAbdulrahman Alqabandi discovered a buffer overflow issue in the tab\n implementation.\n* [CVE-2021-21198](https://security-tracker.debian.org/tracker/CVE-2021-21198)\nMark Brand discovered an out-of-bounds read issue in the Inter-Process\n Communication implementation.\