Chromium, Google Chrome: Multiple vulnerabilities

2022-01-31T00:00:00

Description

### Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one, fast, simple, and secure browser for all your devices. ### Description Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details. ### Impact Please review the referenced CVE identifiers for details. ### Workaround There is no known workaround at this time. ### Resolution All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/chromium-97.0.4692.99" All Google Chrome users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/google-chrome-97.0.4692.99"

Affected Package

OS	OS Version	Package Name	Package Version
Gentoo	any	www-client/google-chrome	97.0.4692.99
Gentoo	any	www-client/chromium	97.0.4692.99

{"id": "GLSA-202201-02", "vendorId": null, "type": "gentoo", "bulletinFamily": "unix", "title": "Chromium, Google Chrome: Multiple vulnerabilities", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. \n\nGoogle Chrome is one, fast, simple, and secure browser for all your devices. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n \t\t\t# emerge --sync\n \t\t\t# emerge --ask --oneshot --verbose\n \t\t\t\">=www-client/chromium-97.0.4692.99\"\n \t\t\n\nAll Google Chrome users should upgrade to the latest version:\n \n \n \t\t\t# emerge --sync\n \t\t\t# emerge --ask --oneshot --verbose\n \t\t\t\">=www-client/google-chrome-97.0.4692.99\"", "published": "2022-01-31T00:00:00", "modified": "2022-01-31T00:00:00", "epss": [{"cve": "CVE-2021-30565", "epss": 0.00205, "percentile": 0.5713, "modified": "2023-05-27"}, {"cve": "CVE-2021-30566", "epss": 0.00379, "percentile": 0.68922, "modified": "2023-05-27"}, {"cve": "CVE-2021-30567", "epss": 0.0021, "percentile": 0.57556, "modified": "2023-05-27"}, {"cve": "CVE-2021-30568", "epss": 0.00358, "percentile": 0.68014, "modified": "2023-05-27"}, {"cve": "CVE-2021-30569", "epss": 0.004, "percentile": 0.69771, "modified": "2023-05-27"}, {"cve": "CVE-2021-30571", "epss": 0.00259, "percentile": 0.6225, "modified": "2023-05-27"}, {"cve": "CVE-2021-30572", "epss": 0.00358, "percentile": 0.6805, "modified": "2023-05-27"}, {"cve": "CVE-2021-30573", "epss": 0.00358, "percentile": 0.6805, "modified": "2023-05-27"}, {"cve": "CVE-2021-30574", "epss": 0.00358, "percentile": 0.6805, "modified": "2023-05-27"}, {"cve": "CVE-2021-30575", "epss": 0.00526, "percentile": 0.73614, "modified": "2023-05-27"}, {"cve": "CVE-2021-30576", "epss": 0.00182, "percentile": 0.54155, "modified": "2023-05-27"}, {"cve": "CVE-2021-30577", "epss": 0.00085, "percentile": 0.34715, "modified": "2023-05-27"}, {"cve": "CVE-2021-30578", "epss": 0.00508, "percentile": 0.7317, "modified": "2023-05-27"}, {"cve": "CVE-2021-30579", "epss": 0.00358, "percentile": 0.6805, "modified": "2023-05-27"}, {"cve": "CVE-2021-30580", "epss": 0.00158, "percentile": 0.50956, "modified": "2023-05-27"}, {"cve": "CVE-2021-30581", "epss": 0.00182, "percentile": 0.54155, "modified": "2023-05-27"}, {"cve": "CVE-2021-30582", "epss": 0.02249, "percentile": 0.87938, "modified": "2023-05-27"}, {"cve": "CVE-2021-30583", "epss": 0.00934, "percentile": 0.808, "modified": "2023-05-27"}, {"cve": "CVE-2021-30584", "epss": 0.00199, "percentile": 0.56347, "modified": "2023-05-27"}, {"cve": "CVE-2021-30585", "epss": 0.004, "percentile": 0.69771, "modified": "2023-05-27"}, {"cve": "CVE-2021-30586", "epss": 0.00194, "percentile": 0.55806, "modified": "2023-05-27"}, {"cve": "CVE-2021-30587", "epss": 0.00435, "percentile": 0.70948, "modified": "2023-05-27"}, {"cve": "CVE-2021-30588", "epss": 0.00508, "percentile": 0.7317, "modified": "2023-05-27"}, {"cve": "CVE-2021-30589", "epss": 0.00149, "percentile": 0.498, "modified": "2023-05-27"}, {"cve": "CVE-2021-30590", "epss": 0.003, "percentile": 0.64989, "modified": "2023-05-27"}, {"cve": "CVE-2021-30591", "epss": 0.00284, "percentile": 0.63982, "modified": "2023-05-27"}, {"cve": "CVE-2021-30592", "epss": 0.00205, "percentile": 0.5713, "modified": "2023-05-27"}, {"cve": "CVE-2021-30593", "epss": 0.00231, "percentile": 0.59864, "modified": "2023-05-27"}, {"cve": "CVE-2021-30594", "epss": 0.00146, "percentile": 0.4939, "modified": "2023-05-27"}, {"cve": "CVE-2021-30596", "epss": 0.00248, "percentile": 0.61237, "modified": "2023-05-27"}, {"cve": "CVE-2021-30597", "epss": 0.00146, "percentile": 0.4939, "modified": "2023-05-27"}, {"cve": "CVE-2021-30598", "epss": 0.00423, "percentile": 0.70541, "modified": "2023-05-27"}, {"cve": "CVE-2021-30599", "epss": 0.0058, "percentile": 0.74931, "modified": "2023-05-27"}, {"cve": "CVE-2021-30600", "epss": 0.00284, "percentile": 0.63982, "modified": "2023-05-27"}, {"cve": "CVE-2021-30601", "epss": 0.00205, "percentile": 0.5713, "modified": "2023-05-27"}, {"cve": "CVE-2021-30602", "epss": 0.00422, "percentile": 0.70504, "modified": "2023-05-27"}, {"cve": "CVE-2021-30603", "epss": 0.00555, "percentile": 0.74316, "modified": "2023-05-27"}, {"cve": "CVE-2021-30604", "epss": 0.00284, "percentile": 0.63982, "modified": "2023-05-27"}, {"cve": "CVE-2021-30606", "epss": 0.00314, "percentile": 0.65804, "modified": "2023-05-27"}, {"cve": "CVE-2021-30607", "epss": 0.00314, "percentile": 0.65804, "modified": "2023-05-27"}, {"cve": "CVE-2021-30608", "epss": 0.00198, "percentile": 0.5629, "modified": "2023-05-27"}, {"cve": "CVE-2021-30609", "epss": 0.00314, "percentile": 0.65804, "modified": "2023-05-27"}, {"cve": "CVE-2021-30610", "epss": 0.00242, "percentile": 0.60681, "modified": "2023-05-27"}, {"cve": "CVE-2021-30611", "epss": 0.00153, "percentile": 0.50231, "modified": "2023-05-27"}, {"cve": "CVE-2021-30612", "epss": 0.00198, "percentile": 0.5629, "modified": "2023-05-27"}, {"cve": "CVE-2021-30613", "epss": 0.00314, "percentile": 0.65804, "modified": "2023-05-27"}, {"cve": "CVE-2021-30614", "epss": 0.00382, "percentile": 0.69046, "modified": "2023-05-27"}, {"cve": "CVE-2021-30615", "epss": 0.00198, "percentile": 0.56292, "modified": "2023-05-27"}, {"cve": "CVE-2021-30616", "epss": 0.00314, "percentile": 0.65804, "modified": "2023-05-27"}, {"cve": "CVE-2021-30617", "epss": 0.00117, "percentile": 0.44299, "modified": "2023-05-27"}, {"cve": "CVE-2021-30618", "epss": 0.0026, "percentile": 0.62327, "modified": "2023-05-27"}, {"cve": "CVE-2021-30619", "epss": 0.00166, "percentile": 0.51947, "modified": "2023-05-27"}, {"cve": "CVE-2021-30620", "epss": 0.0026, "percentile": 0.62327, "modified": "2023-05-27"}, {"cve": "CVE-2021-30621", "epss": 0.00166, "percentile": 0.51947, "modified": "2023-05-27"}, {"cve": "CVE-2021-30622", "epss": 0.00198, "percentile": 0.5629, "modified": "2023-05-27"}, {"cve": "CVE-2021-30623", "epss": 0.00314, "percentile": 0.65804, "modified": "2023-05-27"}, {"cve": "CVE-2021-30624", "epss": 0.00314, "percentile": 0.65804, "modified": "2023-05-27"}, {"cve": "CVE-2021-30625", "epss": 0.00211, "percentile": 0.57648, "modified": "2023-05-27"}, {"cve": "CVE-2021-30626", "epss": 0.00264, "percentile": 0.62555, "modified": "2023-05-27"}, {"cve": "CVE-2021-30627", "epss": 0.00264, "percentile": 0.62555, "modified": "2023-05-27"}, {"cve": "CVE-2021-30628", "epss": 0.00264, "percentile": 0.62555, "modified": "2023-05-27"}, {"cve": "CVE-2021-30629", "epss": 0.00373, "percentile": 0.687, "modified": "2023-05-27"}, {"cve": "CVE-2021-30630", "epss": 0.00179, "percentile": 0.53663, "modified": "2023-05-27"}, {"cve": "CVE-2021-30632", "epss": 0.6303, "percentile": 0.9733, "modified": "2023-06-19"}, {"cve": "CVE-2021-30633", "epss": 0.00233, "percentile": 0.60008, "modified": "2023-05-27"}, {"cve": "CVE-2021-37956", "epss": 0.00224, "percentile": 0.59264, "modified": "2023-05-23"}, {"cve": "CVE-2021-37957", "epss": 0.00202, "percentile": 0.56693, "modified": "2023-05-23"}, {"cve": "CVE-2021-37958", "epss": 0.00338, "percentile": 0.67086, "modified": "2023-05-23"}, {"cve": "CVE-2021-37959", "epss": 0.00146, "percentile": 0.49221, "modified": "2023-05-23"}, {"cve": "CVE-2021-37961", "epss": 0.00224, "percentile": 0.59264, "modified": "2023-05-23"}, {"cve": "CVE-2021-37962", "epss": 0.00224, "percentile": 0.59264, "modified": "2023-05-23"}, {"cve": "CVE-2021-37963", "epss": 0.00341, "percentile": 0.67202, "modified": "2023-05-23"}, {"cve": "CVE-2021-37965", "epss": 0.00336, "percentile": 0.67012, "modified": "2023-05-23"}, {"cve": "CVE-2021-37966", "epss": 0.00237, "percentile": 0.60345, "modified": "2023-05-23"}, {"cve": "CVE-2021-37967", "epss": 0.00237, "percentile": 0.60345, "modified": "2023-05-23"}, {"cve": "CVE-2021-37968", "epss": 0.00477, "percentile": 0.72215, "modified": "2023-05-23"}, {"cve": "CVE-2021-37970", "epss": 0.00223, "percentile": 0.59158, "modified": "2023-05-23"}, {"cve": "CVE-2021-37971", "epss": 0.0039, "percentile": 0.69372, "modified": "2023-05-23"}, {"cve": "CVE-2021-37973", "epss": 0.00301, "percentile": 0.65026, "modified": "2023-05-23"}, {"cve": "CVE-2021-37974", "epss": 0.00325, "percentile": 0.66428, "modified": "2023-05-23"}, {"cve": "CVE-2021-37975", "epss": 0.32826, "percentile": 0.96434, "modified": "2023-06-19"}, {"cve": "CVE-2021-37976", "epss": 0.02814, "percentile": 0.89138, "modified": "2023-05-23"}, {"cve": "CVE-2021-37977", "epss": 0.00301, "percentile": 0.65005, "modified": "2023-05-23"}, {"cve": "CVE-2021-37978", "epss": 0.00212, "percentile": 0.57796, "modified": "2023-05-23"}, {"cve": "CVE-2021-37979", "epss": 0.00211, "percentile": 0.57655, "modified": "2023-05-23"}, {"cve": "CVE-2021-37981", "epss": 0.00175, "percentile": 0.53248, "modified": "2023-05-23"}, {"cve": "CVE-2021-37982", "epss": 0.00284, "percentile": 0.6397, "modified": "2023-05-23"}, {"cve": "CVE-2021-37983", "epss": 0.00284, "percentile": 0.6397, "modified": "2023-05-23"}, {"cve": "CVE-2021-37984", "epss": 0.002, "percentile": 0.56491, "modified": "2023-05-23"}, {"cve": "CVE-2021-37985", "epss": 0.00284, "percentile": 0.6397, "modified": "2023-05-23"}, {"cve": "CVE-2021-37986", "epss": 0.002, "percentile": 0.56491, "modified": "2023-05-23"}, {"cve": "CVE-2021-37987", "epss": 0.00284, "percentile": 0.6397, "modified": "2023-05-23"}, {"cve": "CVE-2021-37988", "epss": 0.00284, "percentile": 0.6397, "modified": "2023-05-23"}, {"cve": "CVE-2021-37989", "epss": 0.00182, "percentile": 0.54112, "modified": "2023-05-23"}, {"cve": "CVE-2021-37990", "epss": 0.00107, "percentile": 0.42226, "modified": "2023-05-23"}, {"cve": "CVE-2021-37991", "epss": 0.002, "percentile": 0.56491, "modified": "2023-05-23"}, {"cve": "CVE-2021-37992", "epss": 0.002, "percentile": 0.56491, "modified": "2023-05-23"}, {"cve": "CVE-2021-37993", "epss": 0.00284, "percentile": 0.6397, "modified": "2023-05-23"}, {"cve": "CVE-2021-37994", "epss": 0.00148, "percentile": 0.49565, "modified": "2023-05-23"}, {"cve": "CVE-2021-37995", "epss": 0.00182, "percentile": 0.54112, "modified": "2023-05-23"}, {"cve": "CVE-2021-37996", "epss": 0.00106, "percentile": 0.41969, "modified": "2023-05-23"}, {"cve": "CVE-2021-37997", "epss": 0.00238, "percentile": 0.60458, "modified": "2023-05-23"}, {"cve": "CVE-2021-37998", "epss": 0.00238, "percentile": 0.60458, "modified": "2023-05-23"}, {"cve": "CVE-2021-37999", "epss": 0.00148, "percentile": 0.49524, "modified": "2023-05-23"}, {"cve": "CVE-2021-38000", "epss": 0.00258, "percentile": 0.62115, "modified": "2023-05-23"}, {"cve": "CVE-2021-38001", "epss": 0.00128, "percentile": 0.46194, "modified": "2023-05-23"}, {"cve": "CVE-2021-38002", "epss": 0.00147, "percentile": 0.49381, "modified": "2023-05-23"}, {"cve": "CVE-2021-38003", "epss": 0.01263, "percentile": 0.83606, "modified": "2023-05-23"}, {"cve": "CVE-2021-38005", "epss": 0.00252, "percentile": 0.61617, "modified": "2023-05-23"}, {"cve": "CVE-2021-38006", "epss": 0.00252, "percentile": 0.61617, "modified": "2023-05-23"}, {"cve": "CVE-2021-38007", "epss": 0.00178, "percentile": 0.53572, "modified": "2023-05-23"}, {"cve": "CVE-2021-38008", "epss": 0.003, "percentile": 0.6495, "modified": "2023-05-23"}, {"cve": "CVE-2021-38009", "epss": 0.00218, "percentile": 0.58382, "modified": "2023-05-23"}, {"cve": "CVE-2021-38010", "epss": 0.00146, "percentile": 0.49317, "modified": "2023-05-23"}, {"cve": "CVE-2021-38011", "epss": 0.00252, "percentile": 0.61617, "modified": "2023-05-23"}, {"cve": "CVE-2021-38012", "epss": 0.00178, "percentile": 0.53572, "modified": "2023-05-23"}, {"cve": "CVE-2021-38013", "epss": 0.00186, "percentile": 0.54584, "modified": "2023-05-23"}, {"cve": "CVE-2021-38014", "epss": 0.00173, "percentile": 0.53071, "modified": "2023-05-23"}, {"cve": "CVE-2021-38015", "epss": 0.00115, "percentile": 0.44003, "modified": "2023-05-23"}, {"cve": "CVE-2021-38016", "epss": 0.00178, "percentile": 0.53572, "modified": "2023-05-23"}, {"cve": "CVE-2021-38017", "epss": 0.00178, "percentile": 0.53572, "modified": "2023-05-23"}, {"cve": "CVE-2021-38018", "epss": 0.00106, "percentile": 0.41759, "modified": "2023-05-23"}, {"cve": "CVE-2021-38019", "epss": 0.00214, "percentile": 0.58025, "modified": "2023-05-23"}, {"cve": "CVE-2021-38020", "epss": 0.00148, "percentile": 0.49526, "modified": "2023-05-23"}, {"cve": "CVE-2021-38021", "epss": 0.00146, "percentile": 0.49317, "modified": "2023-05-23"}, {"cve": "CVE-2021-38022", "epss": 0.00214, "percentile": 0.58025, "modified": "2023-05-23"}, {"cve": "CVE-2021-4098", "epss": 0.00102, "percentile": 0.4045, "modified": "2023-05-23"}, {"cve": "CVE-2021-4099", "epss": 0.00188, "percentile": 0.54935, "modified": "2023-05-23"}, {"cve": "CVE-2021-4100", "epss": 0.00133, "percentile": 0.47068, "modified": "2023-05-23"}, {"cve": "CVE-2021-4101", "epss": 0.00133, "percentile": 0.47068, "modified": "2023-05-23"}, {"cve": "CVE-2021-4102", "epss": 0.00722, "percentile": 0.77843, "modified": "2023-05-23"}, {"cve": "CVE-2022-0096", "epss": 0.00327, "percentile": 0.67109, "modified": "2023-09-04"}, {"cve": "CVE-2022-0097", "epss": 0.00174, "percentile": 0.53922, "modified": "2023-09-14"}, {"cve": "CVE-2022-0098", "epss": 0.00155, "percentile": 0.51286, "modified": "2023-09-04"}, {"cve": "CVE-2022-0099", "epss": 0.00377, "percentile": 0.69395, "modified": "2023-09-04"}, {"cve": "CVE-2022-0100", "epss": 0.00425, "percentile": 0.70936, "modified": "2023-07-26"}, {"cve": "CVE-2022-0101", "epss": 0.00357, "percentile": 0.68165, "modified": "2023-06-25"}, {"cve": "CVE-2022-0102", "epss": 0.00317, "percentile": 0.66172, "modified": "2023-06-25"}, {"cve": "CVE-2022-0103", "epss": 0.00377, "percentile": 0.69194, "modified": "2023-07-26"}, {"cve": "CVE-2022-0104", "epss": 0.00292, "percentile": 0.64759, "modified": "2023-06-25"}, {"cve": "CVE-2022-0105", "epss": 0.0029, "percentile": 0.64603, "modified": "2023-06-25"}, {"cve": "CVE-2022-0106", "epss": 0.00274, "percentile": 0.63535, "modified": "2023-06-25"}, {"cve": "CVE-2022-0107", "epss": 0.00138, "percentile": 0.48114, "modified": "2023-06-25"}, {"cve": "CVE-2022-0108", "epss": 0.01201, "percentile": 0.83271, "modified": "2023-06-25"}, {"cve": "CVE-2022-0109", "epss": 0.00522, "percentile": 0.73621, "modified": "2023-06-24"}, {"cve": "CVE-2022-0110", "epss": 0.00304, "percentile": 0.65431, "modified": "2023-06-24"}, {"cve": "CVE-2022-0111", "epss": 0.00375, "percentile": 0.68923, "modified": "2023-06-25"}, {"cve": "CVE-2022-0112", "epss": 0.00241, "percentile": 0.60825, "modified": "2023-06-25"}, {"cve": "CVE-2022-0113", "epss": 0.0062, "percentile": 0.75894, "modified": "2023-06-25"}, {"cve": "CVE-2022-0114", "epss": 0.00311, "percentile": 0.65828, "modified": "2023-06-25"}, {"cve": "CVE-2022-0115", "epss": 0.00274, "percentile": 0.63535, "modified": "2023-06-25"}, {"cve": "CVE-2022-0116", "epss": 0.00289, "percentile": 0.64509, "modified": "2023-06-25"}, {"cve": "CVE-2022-0117", "epss": 0.00592, "percentile": 0.75309, "modified": "2023-06-25"}, {"cve": "CVE-2022-0118", "epss": 0.00223, "percentile": 0.5937, "modified": "2023-06-25"}, {"cve": "CVE-2022-0120", "epss": 0.0052, "percentile": 0.73565, "modified": "2023-06-25"}, {"cve": "CVE-2022-0289", "epss": 0.00687, "percentile": 0.7728, "modified": "2023-06-19"}, {"cve": "CVE-2022-0290", "epss": 0.00486, "percentile": 0.72611, "modified": "2023-06-19"}, {"cve": "CVE-2022-0291", "epss": 0.00115, "percentile": 0.44097, "modified": "2023-06-19"}, {"cve": "CVE-2022-0292", "epss": 0.00111, "percentile": 0.43212, "modified": "2023-06-19"}, {"cve": "CVE-2022-0293", "epss": 0.00653, "percentile": 0.76565, "modified": "2023-06-19"}, {"cve": "CVE-2022-0294", "epss": 0.00115, "percentile": 0.44097, "modified": "2023-06-19"}, {"cve": "CVE-2022-0295", "epss": 0.01525, "percentile": 0.85174, "modified": "2023-06-19"}, {"cve": "CVE-2022-0296", "epss": 0.01525, "percentile": 0.85174, "modified": "2023-06-19"}, {"cve": "CVE-2022-0297", "epss": 0.01525, "percentile": 0.85174, "modified": "2023-06-19"}, {"cve": "CVE-2022-0298", "epss": 0.01525, "percentile": 0.85174, "modified": "2023-06-19"}, {"cve": "CVE-2022-0300", "epss": 0.01525, "percentile": 0.85174, "modified": "2023-06-19"}, {"cve": "CVE-2022-0301", "epss": 0.00052, "percentile": 0.18172, "modified": "2023-06-19"}, {"cve": "CVE-2022-0302", "epss": 0.0016, "percentile": 0.5146, "modified": "2023-06-19"}, {"cve": "CVE-2022-0304", "epss": 0.01525, "percentile": 0.85174, "modified": "2023-06-19"}, {"cve": "CVE-2022-0305", "epss": 0.00092, "percentile": 0.38173, "modified": "2023-06-19"}, {"cve": "CVE-2022-0306", "epss": 0.00255, "percentile": 0.62127, "modified": "2023-06-19"}, {"cve": "CVE-2022-0307", "epss": 0.01525, "percentile": 0.85174, "modified": "2023-06-19"}, {"cve": "CVE-2022-0308", "epss": 0.01525, "percentile": 0.85174, "modified": "2023-06-19"}, {"cve": "CVE-2022-0309", "epss": 0.00092, "percentile": 0.38173, "modified": "2023-06-19"}, {"cve": "CVE-2022-0310", "epss": 0.00111, "percentile": 0.43225, "modified": "2023-06-19"}, {"cve": "CVE-2022-0311", "epss": 0.00111, "percentile": 0.43225, "modified": "2023-06-19"}], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 2.8, "impactScore": 6.0}, "href": "https://security.gentoo.org/glsa/202201-02", "reporter": "Gentoo Foundation", "references": [], "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30580", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30583", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30586", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30589", "CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597", "CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30600", "CVE-2021-30601", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604", "CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37973", "CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996", "CVE-2021-37997", "CVE-2021-37998", "CVE-2021-37999", "CVE-2021-38000", "CVE-2021-38001", "CVE-2021-38002", "CVE-2021-38003", "CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022", "CVE-2021-4098", "CVE-2021-4099", "CVE-2021-4100", "CVE-2021-4101", "CVE-2021-4102", "CVE-2022-0096", "CVE-2022-0097", "CVE-2022-0098", "CVE-2022-0099", "CVE-2022-0100", "CVE-2022-0101", "CVE-2022-0102", "CVE-2022-0103", "CVE-2022-0104", "CVE-2022-0105", "CVE-2022-0106", "CVE-2022-0107", "CVE-2022-0108", "CVE-2022-0109", "CVE-2022-0110", "CVE-2022-0111", "CVE-2022-0112", "CVE-2022-0113", "CVE-2022-0114", "CVE-2022-0115", "CVE-2022-0116", "CVE-2022-0117", "CVE-2022-0118", "CVE-2022-0120", "CVE-2022-0289", "CVE-2022-0290", "CVE-2022-0291", "CVE-2022-0292", "CVE-2022-0293", "CVE-2022-0294", "CVE-2022-0295", "CVE-2022-0296", "CVE-2022-0297", "CVE-2022-0298", "CVE-2022-0300", "CVE-2022-0301", "CVE-2022-0302", "CVE-2022-0303", "CVE-2022-0304", "CVE-2022-0305", "CVE-2022-0306", "CVE-2022-0307", "CVE-2022-0308", "CVE-2022-0309", "CVE-2022-0310", "CVE-2022-0311"], "immutableFields": [], "lastseen": "2023-09-15T17:08:11", "viewCount": 23, "enchantments": {"dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2021-30565", "ALPINE:CVE-2021-30566", "ALPINE:CVE-2021-30567", "ALPINE:CVE-2021-30568", "ALPINE:CVE-2021-30569", "ALPINE:CVE-2021-30571", "ALPINE:CVE-2021-30572", "ALPINE:CVE-2021-30573", "ALPINE:CVE-2021-30574", "ALPINE:CVE-2021-30575", "ALPINE:CVE-2021-30576", "ALPINE:CVE-2021-30577", "ALPINE:CVE-2021-30578", "ALPINE:CVE-2021-30579", "ALPINE:CVE-2021-30580", "ALPINE:CVE-2021-30581", "ALPINE:CVE-2021-30582", "ALPINE:CVE-2021-30583", "ALPINE:CVE-2021-30584", "ALPINE:CVE-2021-30585", "ALPINE:CVE-2021-30586", "ALPINE:CVE-2021-30587", "ALPINE:CVE-2021-30588", "ALPINE:CVE-2021-30589", "ALPINE:CVE-2021-30590", "ALPINE:CVE-2021-30591", "ALPINE:CVE-2021-30592", "ALPINE:CVE-2021-30593", "ALPINE:CVE-2021-30594", "ALPINE:CVE-2021-30596", "ALPINE:CVE-2021-30597", "ALPINE:CVE-2021-30598", "ALPINE:CVE-2021-30599", "ALPINE:CVE-2021-30600", "ALPINE:CVE-2021-30601", "ALPINE:CVE-2021-30602", "ALPINE:CVE-2021-30603", "ALPINE:CVE-2021-30604", "ALPINE:CVE-2021-30606", "ALPINE:CVE-2021-30607", "ALPINE:CVE-2021-30608", "ALPINE:CVE-2021-30609", "ALPINE:CVE-2021-30610", "ALPINE:CVE-2021-30611", "ALPINE:CVE-2021-30612", "ALPINE:CVE-2021-30613", "ALPINE:CVE-2021-30614", "ALPINE:CVE-2021-30615", "ALPINE:CVE-2021-30616", "ALPINE:CVE-2021-30617", "ALPINE:CVE-2021-30618", "ALPINE:CVE-2021-30619", "ALPINE:CVE-2021-30620", "ALPINE:CVE-2021-30621", "ALPINE:CVE-2021-30622", "ALPINE:CVE-2021-30623", "ALPINE:CVE-2021-30624", "ALPINE:CVE-2021-30625", "ALPINE:CVE-2021-30626", "ALPINE:CVE-2021-30627", "ALPINE:CVE-2021-30628", "ALPINE:CVE-2021-30629", "ALPINE:CVE-2021-30630", "ALPINE:CVE-2021-30631", "ALPINE:CVE-2021-30632", "ALPINE:CVE-2021-30633", "ALPINE:CVE-2021-37962", "ALPINE:CVE-2021-37967", "ALPINE:CVE-2021-37968", "ALPINE:CVE-2021-37971", "ALPINE:CVE-2021-37973", "ALPINE:CVE-2021-37975", "ALPINE:CVE-2021-37978", "ALPINE:CVE-2021-37979", "ALPINE:CVE-2021-37984", "ALPINE:CVE-2021-37987", "ALPINE:CVE-2021-37989", "ALPINE:CVE-2021-37992", "ALPINE:CVE-2021-37993", "ALPINE:CVE-2021-37996", "ALPINE:CVE-2021-38001", "ALPINE:CVE-2021-38003", "ALPINE:CVE-2021-38005", "ALPINE:CVE-2021-38007", "ALPINE:CVE-2021-38009", "ALPINE:CVE-2021-38010", "ALPINE:CVE-2021-38012", "ALPINE:CVE-2021-38015", "ALPINE:CVE-2021-38017", "ALPINE:CVE-2021-38018", "ALPINE:CVE-2021-38019", "ALPINE:CVE-2021-38021", "ALPINE:CVE-2021-38022", "ALPINE:CVE-2021-4098", "ALPINE:CVE-2021-4099", "ALPINE:CVE-2021-4101", "ALPINE:CVE-2022-0100", "ALPINE:CVE-2022-0102", "ALPINE:CVE-2022-0103", "ALPINE:CVE-2022-0104", "ALPINE:CVE-2022-0108", "ALPINE:CVE-2022-0109", "ALPINE:CVE-2022-0111", "ALPINE:CVE-2022-0113", "ALPINE:CVE-2022-0116", "ALPINE:CVE-2022-0117", "ALPINE:CVE-2022-0289", "ALPINE:CVE-2022-0291", "ALPINE:CVE-2022-0293", "ALPINE:CVE-2022-0298", "ALPINE:CVE-2022-0305", "ALPINE:CVE-2022-0306", "ALPINE:CVE-2022-0310"]}, {"type": "apple", "idList": ["APPLE:08DE176B86DAA09F8266D63196603C37", "APPLE:0E19F39ED87696979017DD0475ECA32E", "APPLE:753F950C07ED0D7DBFED1A9F81071A03", "APPLE:892077C6B27CF2C4732F0FC8E1D90189", "APPLE:8D1362426A1A094C3D36F7EE5ADF4FDD"]}, {"type": "archlinux", "idList": ["ASA-202107-47", "ASA-202107-74", "ASA-202108-4", "ASA-202108-5", "ASA-202108-6", "ASA-202109-6", "ASA-202110-2", "ASA-202110-7", "ASA-202110-8", "ASA-202111-4", "ASA-202111-8", "ASA-202111-9", "ASA-202112-1", "ASA-202112-2"]}, {"type": "attackerkb", "idList": ["AKB:16678767-3DE3-4BA4-8797-50D3F72B2B5C", "AKB:411A7B9E-A187-43CF-8DA1-E0E921F590D1", "AKB:624AC3C7-B310-4975-8649-2694A0CF4962", "AKB:795A9D93-F12E-4850-BD6A-5E10D1372B2C", "AKB:AC92E5DD-15E0-44E1-99A5-C1AED6D4703F", "AKB:C21CBC3B-DA85-49D2-A7A6-9061F5B01CF9", "AKB:D35B77A1-B787-4DAD-A906-5CA8A79C2F30", "AKB:D986B627-DA84-4C1B-8D20-5ADF751B05BF", "AKB:E19B9242-C88F-44D6-8AED-AFDFBCF99977"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916", "AVLEONOV:B6F052DA6F44A6D3C449552BB1B53A9A"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0685", "CPAI-2021-1028", "CPAI-2021-1055", "CPAI-2021-1104", "CPAI-2021-1116"]}, {"type": "chrome", "idList": ["GCSA-1169691578072612224", "GCSA-1656672544346881992", "GCSA-2371492188806762489", "GCSA-2471449198019300311", "GCSA-2705646769654617144", "GCSA-2951730441638118565", "GCSA-3758141203538733592", "GCSA-4605650058444101231", "GCSA-53254084301211911", "GCSA-6006518675849485979", "GCSA-6082209000390727773", "GCSA-6179617491562660930", "GCSA-7342407883646540962", "GCSA-8146707100851062467", "GCSA-8579736825619455708"]}, {"type": "cisa", "idList": ["CISA:28B486B568E680DD9C27FB088FAEC3C7", "CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2021-30632", "CISA-KEV-CVE-2021-30633", "CISA-KEV-CVE-2021-37973", "CISA-KEV-CVE-2021-37975", "CISA-KEV-CVE-2021-37976", "CISA-KEV-CVE-2021-38000", "CISA-KEV-CVE-2021-38003", "CISA-KEV-CVE-2021-4102"]}, {"type": "cnvd", "idList": ["CNVD-2021-100599", "CNVD-2021-100600", "CNVD-2021-100601", "CNVD-2021-100602", "CNVD-2021-55918", "CNVD-2021-55919", "CNVD-2021-55920", "CNVD-2021-55921", "CNVD-2021-55922", "CNVD-2021-55923", "CNVD-2021-55924", "CNVD-2021-55925", "CNVD-2021-55926", "CNVD-2021-55927", "CNVD-2021-55928", "CNVD-2021-55929", "CNVD-2021-55930", "CNVD-2021-55931", "CNVD-2021-55932", "CNVD-2021-55933", "CNVD-2021-55934", "CNVD-2021-55935", "CNVD-2021-55936", "CNVD-2021-55937", "CNVD-2021-62166", "CNVD-2021-62167", "CNVD-2021-62168", "CNVD-2021-62169", "CNVD-2021-62183", "CNVD-2021-62184", "CNVD-2021-62185", "CNVD-2021-62186", "CNVD-2021-62187", "CNVD-2021-62188", "CNVD-2021-62189", "CNVD-2021-67538", "CNVD-2021-67539", "CNVD-2021-67540", "CNVD-2021-67541", "CNVD-2021-67542", "CNVD-2021-67543", "CNVD-2021-67544", "CNVD-2021-67545", "CNVD-2021-67546", "CNVD-2021-67547", "CNVD-2021-67548", "CNVD-2021-67549", "CNVD-2021-67550", "CNVD-2021-67551", "CNVD-2021-67552", "CNVD-2021-67553", "CNVD-2021-67554", "CNVD-2021-67555", "CNVD-2021-67556", "CNVD-2021-67557", "CNVD-2021-68452", "CNVD-2021-68453", "CNVD-2021-68454", "CNVD-2021-68455", "CNVD-2021-68456", "CNVD-2021-68457", "CNVD-2021-73415", "CNVD-2021-73416", "CNVD-2021-73418", "CNVD-2021-73419", "CNVD-2021-73420", "CNVD-2021-73421", "CNVD-2021-73423", "CNVD-2021-73424", "CNVD-2021-73425", "CNVD-2021-73426", "CNVD-2021-73427", "CNVD-2021-73428", "CNVD-2021-73429", "CNVD-2021-73430", "CNVD-2021-73431", "CNVD-2021-73432", "CNVD-2021-73433", "CNVD-2021-84800", "CNVD-2021-84801", "CNVD-2021-84802", "CNVD-2021-84803", "CNVD-2021-84804", "CNVD-2021-84805", "CNVD-2021-84806", "CNVD-2021-84807", "CNVD-2021-84808", "CNVD-2021-84809", "CNVD-2021-84810", "CNVD-2021-84811", "CNVD-2021-84812", "CNVD-2021-84813", "CNVD-2021-84814", "CNVD-2021-84815", "CNVD-2021-84817", "CNVD-2021-84818", "CNVD-2021-84819", "CNVD-2021-91284", "CNVD-2021-91285", "CNVD-2021-91286", "CNVD-2021-91287", "CNVD-2021-91288", "CNVD-2021-91289", "CNVD-2021-91290", "CNVD-2021-91291", "CNVD-2021-91292", "CNVD-2021-91293", "CNVD-2021-91294", "CNVD-2021-91295", "CNVD-2021-91296", "CNVD-2021-91297", "CNVD-2021-92808", "CNVD-2021-92809", "CNVD-2021-92831", "CNVD-2021-92832", "CNVD-2021-92833", "CNVD-2021-92834", "CNVD-2021-92835", "CNVD-2021-92836", "CNVD-2021-99260", "CNVD-2021-99261", "CNVD-2021-99262", "CNVD-2021-99263", "CNVD-2021-99264", "CNVD-2021-99277", "CNVD-2021-99278", "CNVD-2021-99279", "CNVD-2021-99288", "CNVD-2022-12740", "CNVD-2022-12741", "CNVD-2022-12742", "CNVD-2022-12743", "CNVD-2022-14875", "CNVD-2022-14876", "CNVD-2022-14877", "CNVD-2022-14878", "CNVD-2022-14879", "CNVD-2022-14880", "CNVD-2022-15133", "CNVD-2022-15134", "CNVD-2022-15135", "CNVD-2022-15136", "CNVD-2022-15137", "CNVD-2022-15138", "CNVD-2022-15139", "CNVD-2022-15140", "CNVD-2022-15141", "CNVD-2022-15142", "CNVD-2022-15143", "CNVD-2022-15154", "CNVD-2022-15155", "CNVD-2022-15156", "CNVD-2022-15157", "CNVD-2022-15158", "CNVD-2022-15159", "CNVD-2022-15160", "CNVD-2022-15161", "CNVD-2022-15162", "CNVD-2022-16301", "CNVD-2022-16302", "CNVD-2022-16303", "CNVD-2022-16304", "CNVD-2022-65570", "CNVD-2022-65571", "CNVD-2022-65572", "CNVD-2022-65573", "CNVD-2022-65574", "CNVD-2022-65575", "CNVD-2022-65576", "CNVD-2022-65577", "CNVD-2022-65578", "CNVD-2022-65579", "CNVD-2022-65580", "CNVD-2022-65581", "CNVD-2022-65582", "CNVD-2022-65583", "CNVD-2022-65584"]}, {"type": "cve", "idList": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30580", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30583", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30586", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30589", "CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597", "CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30600", "CVE-2021-30601", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604", "CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37973", "CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996", "CVE-2021-37997", "CVE-2021-37998", "CVE-2021-37999", "CVE-2021-38000", "CVE-2021-38001", "CVE-2021-38002", "CVE-2021-38003", "CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022", "CVE-2021-4098", "CVE-2021-4099", "CVE-2021-4100", "CVE-2021-4101", "CVE-2021-4102", "CVE-2022-0096", "CVE-2022-0097", "CVE-2022-0098", "CVE-2022-0099", "CVE-2022-0100", "CVE-2022-0101", "CVE-2022-0102", "CVE-2022-0103", "CVE-2022-0104", "CVE-2022-0105", "CVE-2022-0106", "CVE-2022-0107", "CVE-2022-0108", "CVE-2022-0109", "CVE-2022-0110", "CVE-2022-0111", "CVE-2022-0112", "CVE-2022-0113", "CVE-2022-0114", "CVE-2022-0115", "CVE-2022-0116", "CVE-2022-0117", "CVE-2022-0118", "CVE-2022-0120", "CVE-2022-0289", "CVE-2022-0290", "CVE-2022-0291", "CVE-2022-0292", "CVE-2022-0293", "CVE-2022-0294", "CVE-2022-0295", "CVE-2022-0296", "CVE-2022-0297", "CVE-2022-0298", "CVE-2022-0300", "CVE-2022-0301", "CVE-2022-0302", "CVE-2022-0303", "CVE-2022-0304", "CVE-2022-0305", "CVE-2022-0306", "CVE-2022-0307", "CVE-2022-0308", "CVE-2022-0309", "CVE-2022-0310", "CVE-2022-0311"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5046-1:A18C0", "DEBIAN:DSA-5054-1:6F130", "DEBIAN:DSA-5396-1:6E347", "DEBIAN:DSA-5397-1:3771E"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-30565", "DEBIANCVE:CVE-2021-30566", "DEBIANCVE:CVE-2021-30567", "DEBIANCVE:CVE-2021-30568", "DEBIANCVE:CVE-2021-30569", "DEBIANCVE:CVE-2021-30571", "DEBIANCVE:CVE-2021-30572", "DEBIANCVE:CVE-2021-30573", "DEBIANCVE:CVE-2021-30574", "DEBIANCVE:CVE-2021-30575", "DEBIANCVE:CVE-2021-30576", "DEBIANCVE:CVE-2021-30577", "DEBIANCVE:CVE-2021-30578", "DEBIANCVE:CVE-2021-30579", "DEBIANCVE:CVE-2021-30580", "DEBIANCVE:CVE-2021-30581", "DEBIANCVE:CVE-2021-30582", "DEBIANCVE:CVE-2021-30583", "DEBIANCVE:CVE-2021-30584", "DEBIANCVE:CVE-2021-30585", "DEBIANCVE:CVE-2021-30586", "DEBIANCVE:CVE-2021-30587", "DEBIANCVE:CVE-2021-30588", "DEBIANCVE:CVE-2021-30589", "DEBIANCVE:CVE-2021-30590", "DEBIANCVE:CVE-2021-30591", "DEBIANCVE:CVE-2021-30592", "DEBIANCVE:CVE-2021-30593", "DEBIANCVE:CVE-2021-30594", "DEBIANCVE:CVE-2021-30596", "DEBIANCVE:CVE-2021-30597", "DEBIANCVE:CVE-2021-30598", "DEBIANCVE:CVE-2021-30599", "DEBIANCVE:CVE-2021-30600", "DEBIANCVE:CVE-2021-30601", "DEBIANCVE:CVE-2021-30602", "DEBIANCVE:CVE-2021-30603", "DEBIANCVE:CVE-2021-30604", "DEBIANCVE:CVE-2021-30606", "DEBIANCVE:CVE-2021-30607", "DEBIANCVE:CVE-2021-30608", "DEBIANCVE:CVE-2021-30609", "DEBIANCVE:CVE-2021-30610", "DEBIANCVE:CVE-2021-30611", "DEBIANCVE:CVE-2021-30612", "DEBIANCVE:CVE-2021-30613", "DEBIANCVE:CVE-2021-30614", "DEBIANCVE:CVE-2021-30615", "DEBIANCVE:CVE-2021-30616", "DEBIANCVE:CVE-2021-30617", "DEBIANCVE:CVE-2021-30618", "DEBIANCVE:CVE-2021-30619", "DEBIANCVE:CVE-2021-30620", "DEBIANCVE:CVE-2021-30621", "DEBIANCVE:CVE-2021-30622", "DEBIANCVE:CVE-2021-30623", "DEBIANCVE:CVE-2021-30624", "DEBIANCVE:CVE-2021-30625", "DEBIANCVE:CVE-2021-30626", "DEBIANCVE:CVE-2021-30627", "DEBIANCVE:CVE-2021-30628", "DEBIANCVE:CVE-2021-30629", "DEBIANCVE:CVE-2021-30630", "DEBIANCVE:CVE-2021-30632", "DEBIANCVE:CVE-2021-30633", "DEBIANCVE:CVE-2021-37956", "DEBIANCVE:CVE-2021-37957", "DEBIANCVE:CVE-2021-37958", "DEBIANCVE:CVE-2021-37959", "DEBIANCVE:CVE-2021-37961", "DEBIANCVE:CVE-2021-37962", "DEBIANCVE:CVE-2021-37963", "DEBIANCVE:CVE-2021-37965", "DEBIANCVE:CVE-2021-37966", "DEBIANCVE:CVE-2021-37967", "DEBIANCVE:CVE-2021-37968", "DEBIANCVE:CVE-2021-37970", "DEBIANCVE:CVE-2021-37971", "DEBIANCVE:CVE-2021-37973", "DEBIANCVE:CVE-2021-37974", "DEBIANCVE:CVE-2021-37975", "DEBIANCVE:CVE-2021-37976", "DEBIANCVE:CVE-2021-37977", "DEBIANCVE:CVE-2021-37978", "DEBIANCVE:CVE-2021-37979", "DEBIANCVE:CVE-2021-37981", "DEBIANCVE:CVE-2021-37982", "DEBIANCVE:CVE-2021-37983", "DEBIANCVE:CVE-2021-37984", "DEBIANCVE:CVE-2021-37985", "DEBIANCVE:CVE-2021-37986", "DEBIANCVE:CVE-2021-37987", "DEBIANCVE:CVE-2021-37988", "DEBIANCVE:CVE-2021-37989", "DEBIANCVE:CVE-2021-37990", "DEBIANCVE:CVE-2021-37991", "DEBIANCVE:CVE-2021-37992", "DEBIANCVE:CVE-2021-37993", "DEBIANCVE:CVE-2021-37994", "DEBIANCVE:CVE-2021-37995", "DEBIANCVE:CVE-2021-37996", "DEBIANCVE:CVE-2021-37997", "DEBIANCVE:CVE-2021-37998", "DEBIANCVE:CVE-2021-37999", "DEBIANCVE:CVE-2021-38000", "DEBIANCVE:CVE-2021-38001", "DEBIANCVE:CVE-2021-38002", "DEBIANCVE:CVE-2021-38003", "DEBIANCVE:CVE-2021-38005", "DEBIANCVE:CVE-2021-38006", "DEBIANCVE:CVE-2021-38007", "DEBIANCVE:CVE-2021-38008", "DEBIANCVE:CVE-2021-38009", "DEBIANCVE:CVE-2021-38010", "DEBIANCVE:CVE-2021-38011", "DEBIANCVE:CVE-2021-38012", "DEBIANCVE:CVE-2021-38013", "DEBIANCVE:CVE-2021-38014", "DEBIANCVE:CVE-2021-38015", "DEBIANCVE:CVE-2021-38016", "DEBIANCVE:CVE-2021-38017", "DEBIANCVE:CVE-2021-38018", "DEBIANCVE:CVE-2021-38019", "DEBIANCVE:CVE-2021-38020", "DEBIANCVE:CVE-2021-38021", "DEBIANCVE:CVE-2021-38022", "DEBIANCVE:CVE-2021-4098", "DEBIANCVE:CVE-2021-4099", "DEBIANCVE:CVE-2021-4100", "DEBIANCVE:CVE-2021-4101", "DEBIANCVE:CVE-2021-4102", "DEBIANCVE:CVE-2022-0096", "DEBIANCVE:CVE-2022-0097", "DEBIANCVE:CVE-2022-0098", "DEBIANCVE:CVE-2022-0099", "DEBIANCVE:CVE-2022-0100", "DEBIANCVE:CVE-2022-0101", "DEBIANCVE:CVE-2022-0102", "DEBIANCVE:CVE-2022-0103", "DEBIANCVE:CVE-2022-0104", "DEBIANCVE:CVE-2022-0105", "DEBIANCVE:CVE-2022-0106", "DEBIANCVE:CVE-2022-0107", "DEBIANCVE:CVE-2022-0108", "DEBIANCVE:CVE-2022-0109", "DEBIANCVE:CVE-2022-0110", "DEBIANCVE:CVE-2022-0111", "DEBIANCVE:CVE-2022-0112", "DEBIANCVE:CVE-2022-0113", "DEBIANCVE:CVE-2022-0114", "DEBIANCVE:CVE-2022-0115", "DEBIANCVE:CVE-2022-0116", "DEBIANCVE:CVE-2022-0117", "DEBIANCVE:CVE-2022-0118", "DEBIANCVE:CVE-2022-0120", "DEBIANCVE:CVE-2022-0289", "DEBIANCVE:CVE-2022-0290", "DEBIANCVE:CVE-2022-0291", "DEBIANCVE:CVE-2022-0292", "DEBIANCVE:CVE-2022-0293", "DEBIANCVE:CVE-2022-0294", "DEBIANCVE:CVE-2022-0295", "DEBIANCVE:CVE-2022-0296", "DEBIANCVE:CVE-2022-0297", "DEBIANCVE:CVE-2022-0298", "DEBIANCVE:CVE-2022-0300", "DEBIANCVE:CVE-2022-0301", "DEBIANCVE:CVE-2022-0302", "DEBIANCVE:CVE-2022-0303", "DEBIANCVE:CVE-2022-0304", "DEBIANCVE:CVE-2022-0305", "DEBIANCVE:CVE-2022-0306", "DEBIANCVE:CVE-2022-0307", "DEBIANCVE:CVE-2022-0308", "DEBIANCVE:CVE-2022-0309", "DEBIANCVE:CVE-2022-0310", "DEBIANCVE:CVE-2022-0311"]}, {"type": "fedora", "idList": ["FEDORA:0AA80217E4B2", "FEDORA:12FCA30F5428", "FEDORA:1E8AD3056996", "FEDORA:210C430584A5", "FEDORA:4CD8430AA7AD", "FEDORA:54EF9304CB93", "FEDORA:59B6820C6D43", "FEDORA:5A5E120C65F1", "FEDORA:5C0DB31397D8", "FEDORA:6E174304C6DC", "FEDORA:75CA430AA7A6", "FEDORA:7AA7C307F074", "FEDORA:9952031143B1", "FEDORA:B923630946D6", "FEDORA:BC8983072E0A", "FEDORA:BD29330987FD", "FEDORA:BE52E30CCCAA", "FEDORA:D72E230C6791", "FEDORA:E043930AE6E8"]}, {"type": "freebsd", "idList": ["128DEBA6-FF56-11EB-8514-3065EC8FD3EC", "3551E106-1B17-11EC-A8A7-704D7B472482", "47B571F2-157B-11EC-AE98-704D7B472482", "51496CBC-7A0E-11EC-A323-3065EC8FD3EC", "76487640-EA29-11EB-A686-3065EC8FD3EC", "777EDBBE-2230-11EC-8869-704D7B472482", "7D3D94D3-2810-11EC-9C51-3065EC8FD3EC", "976D7BF9-38EA-11EC-B3B0-3065EC8FD3EC", "9EECCBF3-6E26-11EC-BB10-3065EC8FD3EC", "A7732806-0B2A-11EC-836B-3065EC8FD3EC", "B6C875F1-1D76-11EC-AE80-704D7B472482", "B8C0CBCA-472D-11EC-83DC-3065EC8FD3EC", "BDAECFAD-3117-11EC-B3B0-3065EC8FD3EC", "C3C6C4A3-F47D-11EB-B632-3065EC8FD3EC", "FB9BA490-5CC4-11EC-AAC7-3065EC8FD3EC"]}, {"type": "github", "idList": ["GITHUB:D9472F716C46C02F88677DBAD0EEA334"]}, {"type": "githubexploit", "idList": ["07422776-E872-566B-BA69-08250EF06A7B", "32BEE5C7-0E79-59A0-BA93-AB01FA18AF14", "5BC9FD05-BCBB-5B7C-AE22-BE3732D2976B", "795FA590-8E97-5C33-A401-7C3EFECA9A25", "C2541EBF-1196-56DE-A74C-2B851CA3CE08", "D03F8616-CD02-52E2-80E1-347A8A3132BC", "D210EB39-6ACF-5BE7-9DDB-17248A36E11D", "DC861906-BAE5-5FEB-8859-71106ED11E94", "E860E27F-13A7-53D6-8B01-C4391764E6F3"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:CA925EE6A931620550EF819815B14156"]}, {"type": "hivepro", "idList": ["HIVEPRO:8AF52D0A3BB6DDEEAC663A63DA954039", "HIVEPRO:E94A0D5F817307E8C9D45F52D6A000D1", "HIVEPRO:F0E08A7B0A92ED0929AD9DE27F33C527", "HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "ibm", "idList": ["4E77D6807CCB5F39F0079A9612FD44F47C18AEBAF1D9AA7EBBCB816C3FD025B9"]}, {"type": "kaspersky", "idList": ["KLA12236", "KLA12243", "KLA12249", "KLA12267", "KLA12271", "KLA12284", "KLA12296", "KLA12299", "KLA12301", "KLA12307", "KLA12329", "KLA12333", "KLA12351", "KLA12382", "KLA12411", "KLA12413", "KLA12430"]}, {"type": "mageia", "idList": ["MGASA-2021-0458", "MGASA-2021-0565", "MGASA-2022-0043", "MGASA-2022-0050", "MGASA-2023-0177"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:1151D0D15101B94C9C41B6DCAFD58AD5", "MALWAREBYTES:1BBB147ADD90DF3A3483E6805D78B6A6", "MALWAREBYTES:390E663F11CA04293C83488A40CB3A8A", "MALWAREBYTES:3EAF616381CA068D86347AB0BE88B0A2"]}, {"type": "mscve", "idList": ["MS:CVE-2021-30565", "MS:CVE-2021-30566", "MS:CVE-2021-30567", "MS:CVE-2021-30568", "MS:CVE-2021-30569", "MS:CVE-2021-30571", "MS:CVE-2021-30572", "MS:CVE-2021-30573", "MS:CVE-2021-30574", "MS:CVE-2021-30575", "MS:CVE-2021-30576", "MS:CVE-2021-30577", "MS:CVE-2021-30578", "MS:CVE-2021-30579", "MS:CVE-2021-30580", "MS:CVE-2021-30581", "MS:CVE-2021-30582", "MS:CVE-2021-30583", "MS:CVE-2021-30584", "MS:CVE-2021-30585", "MS:CVE-2021-30586", "MS:CVE-2021-30587", "MS:CVE-2021-30588", "MS:CVE-2021-30589", "MS:CVE-2021-30590", "MS:CVE-2021-30591", "MS:CVE-2021-30592", "MS:CVE-2021-30593", "MS:CVE-2021-30594", "MS:CVE-2021-30596", "MS:CVE-2021-30597", "MS:CVE-2021-30598", "MS:CVE-2021-30599", "MS:CVE-2021-30601", "MS:CVE-2021-30602", "MS:CVE-2021-30603", "MS:CVE-2021-30604", "MS:CVE-2021-30606", "MS:CVE-2021-30607", "MS:CVE-2021-30608", "MS:CVE-2021-30609", "MS:CVE-2021-30610", "MS:CVE-2021-30611", "MS:CVE-2021-30612", "MS:CVE-2021-30613", "MS:CVE-2021-30614", "MS:CVE-2021-30615", "MS:CVE-2021-30616", "MS:CVE-2021-30617", "MS:CVE-2021-30618", "MS:CVE-2021-30619", "MS:CVE-2021-30620", "MS:CVE-2021-30621", "MS:CVE-2021-30622", "MS:CVE-2021-30623", "MS:CVE-2021-30624", "MS:CVE-2021-30625", "MS:CVE-2021-30626", "MS:CVE-2021-30627", "MS:CVE-2021-30628", "MS:CVE-2021-30629", "MS:CVE-2021-30630", "MS:CVE-2021-30631", "MS:CVE-2021-30632", "MS:CVE-2021-30633", "MS:CVE-2021-37956", "MS:CVE-2021-37957", "MS:CVE-2021-37958", "MS:CVE-2021-37959", "MS:CVE-2021-37960", "MS:CVE-2021-37961", "MS:CVE-2021-37962", "MS:CVE-2021-37963", "MS:CVE-2021-37965", "MS:CVE-2021-37966", "MS:CVE-2021-37967", "MS:CVE-2021-37968", "MS:CVE-2021-37970", "MS:CVE-2021-37971", "MS:CVE-2021-37973", "MS:CVE-2021-37974", "MS:CVE-2021-37975", "MS:CVE-2021-37976", "MS:CVE-2021-37977", "MS:CVE-2021-37978", "MS:CVE-2021-37979", "MS:CVE-2021-37981", "MS:CVE-2021-37982", "MS:CVE-2021-37983", "MS:CVE-2021-37984", "MS:CVE-2021-37985", "MS:CVE-2021-37986", "MS:CVE-2021-37987", "MS:CVE-2021-37988", "MS:CVE-2021-37989", "MS:CVE-2021-37990", "MS:CVE-2021-37991", "MS:CVE-2021-37992", "MS:CVE-2021-37993", "MS:CVE-2021-37994", "MS:CVE-2021-37995", "MS:CVE-2021-37996", "MS:CVE-2021-37997", "MS:CVE-2021-37998", "MS:CVE-2021-37999", "MS:CVE-2021-38000", "MS:CVE-2021-38001", "MS:CVE-2021-38002", "MS:CVE-2021-38003", "MS:CVE-2021-38005", "MS:CVE-2021-38006", "MS:CVE-2021-38007", "MS:CVE-2021-38008", "MS:CVE-2021-38009", "MS:CVE-2021-38010", "MS:CVE-2021-38011", "MS:CVE-2021-38012", "MS:CVE-2021-38013", "MS:CVE-2021-38014", "MS:CVE-2021-38015", "MS:CVE-2021-38016", "MS:CVE-2021-38017", "MS:CVE-2021-38018", "MS:CVE-2021-38019", "MS:CVE-2021-38020", "MS:CVE-2021-38021", "MS:CVE-2021-38022", "MS:CVE-2021-4098", "MS:CVE-2021-4099", "MS:CVE-2021-4100", "MS:CVE-2021-4101", "MS:CVE-2021-4102", "MS:CVE-2022-0096", "MS:CVE-2022-0097", "MS:CVE-2022-0098", "MS:CVE-2022-0099", "MS:CVE-2022-0100", "MS:CVE-2022-0101", "MS:CVE-2022-0102", "MS:CVE-2022-0103", "MS:CVE-2022-0104", "MS:CVE-2022-0105", "MS:CVE-2022-0106", "MS:CVE-2022-0107", "MS:CVE-2022-0108", "MS:CVE-2022-0109", "MS:CVE-2022-0110", "MS:CVE-2022-0111", "MS:CVE-2022-0112", "MS:CVE-2022-0113", "MS:CVE-2022-0114", "MS:CVE-2022-0115", "MS:CVE-2022-0116", "MS:CVE-2022-0117", "MS:CVE-2022-0118", "MS:CVE-2022-0120", "MS:CVE-2022-0289", "MS:CVE-2022-0290", "MS:CVE-2022-0291", "MS:CVE-2022-0292", "MS:CVE-2022-0293", "MS:CVE-2022-0294", "MS:CVE-2022-0295", "MS:CVE-2022-0296", "MS:CVE-2022-0297", "MS:CVE-2022-0298", "MS:CVE-2022-0300", "MS:CVE-2022-0301", "MS:CVE-2022-0302", "MS:CVE-2022-0303", "MS:CVE-2022-0304", "MS:CVE-2022-0305", "MS:CVE-2022-0306", "MS:CVE-2022-0307", "MS:CVE-2022-0308", "MS:CVE-2022-0309", "MS:CVE-2022-0310", "MS:CVE-2022-0311"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-3419.NASL", "DEBIAN_DSA-5046.NASL", "DEBIAN_DSA-5396.NASL", "DEBIAN_DSA-5397.NASL", "FEDORA_2021-116EFF380F.NASL", "FEDORA_2023-5B61346BBE.NASL", "FEDORA_2023-8900B35C6F.NASL", "FEDORA_2023-A4BBF02A57.NASL", "FREEBSD_PKG_128DEBA6FF5611EB85143065EC8FD3EC.NASL", "FREEBSD_PKG_3551E1061B1711ECA8A7704D7B472482.NASL", "FREEBSD_PKG_47B571F2157B11ECAE98704D7B472482.NASL", "FREEBSD_PKG_76487640EA2911EBA6863065EC8FD3EC.NASL", "FREEBSD_PKG_777EDBBE223011EC8869704D7B472482.NASL", "FREEBSD_PKG_7D3D94D3281011EC9C513065EC8FD3EC.NASL", "FREEBSD_PKG_976D7BF938EA11ECB3B03065EC8FD3EC.NASL", "FREEBSD_PKG_9EECCBF36E2611ECBB103065EC8FD3EC.NASL", "FREEBSD_PKG_A77328060B2A11EC836B3065EC8FD3EC.NASL", "FREEBSD_PKG_B6C875F11D7611ECAE80704D7B472482.NASL", "FREEBSD_PKG_BDAECFAD311711ECB3B03065EC8FD3EC.NASL", "FREEBSD_PKG_C3C6C4A3F47D11EBB6323065EC8FD3EC.NASL", "FREEBSD_PKG_FB9BA4905CC411ECAAC73065EC8FD3EC.NASL", "GENTOO_GLSA-202201-02.NASL", "GOOGLE_CHROME_92_0_4515_107.NASL", "GOOGLE_CHROME_92_0_4515_131.NASL", "GOOGLE_CHROME_92_0_4515_159.NASL", "GOOGLE_CHROME_93_0_4577_63.NASL", "GOOGLE_CHROME_93_0_4577_82.NASL", "GOOGLE_CHROME_94_0_4606_54.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "GOOGLE_CHROME_94_0_4606_71.NASL", "GOOGLE_CHROME_94_0_4606_81.NASL", "GOOGLE_CHROME_95_0_4638_54.NASL", "GOOGLE_CHROME_95_0_4638_69.NASL", "GOOGLE_CHROME_96_0_4664_110.NASL", "GOOGLE_CHROME_96_0_4664_45.NASL", "GOOGLE_CHROME_97_0_4692_71.NASL", "GOOGLE_CHROME_97_0_4692_99.NASL", "MACOSX_GOOGLE_CHROME_92_0_4515_107.NASL", "MACOSX_GOOGLE_CHROME_92_0_4515_131.NASL", "MACOSX_GOOGLE_CHROME_92_0_4515_159.NASL", "MACOSX_GOOGLE_CHROME_93_0_4577_63.NASL", "MACOSX_GOOGLE_CHROME_93_0_4577_82.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_71.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_81.NASL", "MACOSX_GOOGLE_CHROME_95_0_4638_54.NASL", "MACOSX_GOOGLE_CHROME_95_0_4638_69.NASL", "MACOSX_GOOGLE_CHROME_96_0_4664_110.NASL", "MACOSX_GOOGLE_CHROME_96_0_4664_45.NASL", "MACOSX_GOOGLE_CHROME_97_0_4692_71.NASL", "MACOSX_GOOGLE_CHROME_97_0_4692_99.NASL", "MICROSOFT_EDGE_CHROMIUM_92_0_902_55.NASL", "MICROSOFT_EDGE_CHROMIUM_92_0_902_67.NASL", "MICROSOFT_EDGE_CHROMIUM_92_0_902_78.NASL", "MICROSOFT_EDGE_CHROMIUM_93_0_961_38.NASL", "MICROSOFT_EDGE_CHROMIUM_93_0_961_47.NASL", "MICROSOFT_EDGE_CHROMIUM_93_0_961_52.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_38.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_47.NASL", "MICROSOFT_EDGE_CHROMIUM_95_0_1020_30.NASL", "MICROSOFT_EDGE_CHROMIUM_95_0_1020_40.NASL", "MICROSOFT_EDGE_CHROMIUM_96_0_1052_29.NASL", "MICROSOFT_EDGE_CHROMIUM_96_0_1054_29.NASL", "MICROSOFT_EDGE_CHROMIUM_96_0_1054_57.NASL", "MICROSOFT_EDGE_CHROMIUM_97_0_1072_55.NASL", "MICROSOFT_EDGE_CHROMIUM_97_0_1072_69.NASL", "OPENSUSE-2021-1131.NASL", "OPENSUSE-2021-1144.NASL", "OPENSUSE-2021-1172.NASL", "OPENSUSE-2021-1180.NASL", "OPENSUSE-2021-1209.NASL", "OPENSUSE-2021-1221.NASL", "OPENSUSE-2021-1300.NASL", "OPENSUSE-2021-1303.NASL", "OPENSUSE-2021-1310.NASL", "OPENSUSE-2021-1330.NASL", "OPENSUSE-2021-1339.NASL", "OPENSUSE-2021-1350.NASL", "OPENSUSE-2021-1358.NASL", "OPENSUSE-2021-1392.NASL", "OPENSUSE-2021-1396.NASL", "OPENSUSE-2021-1433.NASL", "OPENSUSE-2021-1462.NASL", "OPENSUSE-2021-1488.NASL", "OPENSUSE-2021-1582.NASL", "OPENSUSE-2021-1600.NASL", "OPENSUSE-2021-1632.NASL", "OPENSUSE-2022-0014-1.NASL", "OPENSUSE-2022-0019-1.NASL", "OPENSUSE-2022-0070-1.NASL", "SUSE_SU-2023-2056-1.NASL", "SUSE_SU-2023-2065-1.NASL", "SUSE_SU-2023-2077-1.NASL", "SUSE_SU-2023-2078-1.NASL", "UBUNTU_USN-6061-1.NASL"]}, {"type": "osv", "idList": ["OSV:DLA-3419-1", "OSV:DSA-5046-1", "OSV:DSA-5054-1", "OSV:DSA-5396-1", "OSV:DSA-5397-1"]}, {"type": "photon", "idList": ["PHSA-2023-3.0-0602"]}, {"type": "prion", "idList": ["PRION:CVE-2021-30565", "PRION:CVE-2021-30566", "PRION:CVE-2021-30567", "PRION:CVE-2021-30568", "PRION:CVE-2021-30569", "PRION:CVE-2021-30571", "PRION:CVE-2021-30572", "PRION:CVE-2021-30573", "PRION:CVE-2021-30574", "PRION:CVE-2021-30575", "PRION:CVE-2021-30576", "PRION:CVE-2021-30577", "PRION:CVE-2021-30578", "PRION:CVE-2021-30579", "PRION:CVE-2021-30580", "PRION:CVE-2021-30581", "PRION:CVE-2021-30582", "PRION:CVE-2021-30583", "PRION:CVE-2021-30584", "PRION:CVE-2021-30585", "PRION:CVE-2021-30586", "PRION:CVE-2021-30587", "PRION:CVE-2021-30588", "PRION:CVE-2021-30589", "PRION:CVE-2021-30590", "PRION:CVE-2021-30591", "PRION:CVE-2021-30592", "PRION:CVE-2021-30593", "PRION:CVE-2021-30594", "PRION:CVE-2021-30596", "PRION:CVE-2021-30597", "PRION:CVE-2021-30598", "PRION:CVE-2021-30599", "PRION:CVE-2021-30600", "PRION:CVE-2021-30601", "PRION:CVE-2021-30602", "PRION:CVE-2021-30603", "PRION:CVE-2021-30604", "PRION:CVE-2021-30606", "PRION:CVE-2021-30607", "PRION:CVE-2021-30608", "PRION:CVE-2021-30609", "PRION:CVE-2021-30610", "PRION:CVE-2021-30611", "PRION:CVE-2021-30612", "PRION:CVE-2021-30613", "PRION:CVE-2021-30614", "PRION:CVE-2021-30615", "PRION:CVE-2021-30616", "PRION:CVE-2021-30617", "PRION:CVE-2021-30618", "PRION:CVE-2021-30619", "PRION:CVE-2021-30620", "PRION:CVE-2021-30621", "PRION:CVE-2021-30622", "PRION:CVE-2021-30623", "PRION:CVE-2021-30624", "PRION:CVE-2021-30625", "PRION:CVE-2021-30626", "PRION:CVE-2021-30627", "PRION:CVE-2021-30628", "PRION:CVE-2021-30629", "PRION:CVE-2021-30630", "PRION:CVE-2021-30632", "PRION:CVE-2021-30633", "PRION:CVE-2021-37956", "PRION:CVE-2021-37957", "PRION:CVE-2021-37958", "PRION:CVE-2021-37959", "PRION:CVE-2021-37961", "PRION:CVE-2021-37962", "PRION:CVE-2021-37963", "PRION:CVE-2021-37965", "PRION:CVE-2021-37966", "PRION:CVE-2021-37967", "PRION:CVE-2021-37968", "PRION:CVE-2021-37970", "PRION:CVE-2021-37971", "PRION:CVE-2021-37973", "PRION:CVE-2021-37974", "PRION:CVE-2021-37975", "PRION:CVE-2021-37976", "PRION:CVE-2021-37977", "PRION:CVE-2021-37978", "PRION:CVE-2021-37979", "PRION:CVE-2021-37981", "PRION:CVE-2021-37982", "PRION:CVE-2021-37983", "PRION:CVE-2021-37984", "PRION:CVE-2021-37985", "PRION:CVE-2021-37986", "PRION:CVE-2021-37987", "PRION:CVE-2021-37988", "PRION:CVE-2021-37989", "PRION:CVE-2021-37990", "PRION:CVE-2021-37991", "PRION:CVE-2021-37992", "PRION:CVE-2021-37993", "PRION:CVE-2021-37994", "PRION:CVE-2021-37995", "PRION:CVE-2021-37996", "PRION:CVE-2021-37997", "PRION:CVE-2021-37998", "PRION:CVE-2021-37999", "PRION:CVE-2021-38000", "PRION:CVE-2021-38001", "PRION:CVE-2021-38002", "PRION:CVE-2021-38003", "PRION:CVE-2021-38005", "PRION:CVE-2021-38006", "PRION:CVE-2021-38007", "PRION:CVE-2021-38008", "PRION:CVE-2021-38009", "PRION:CVE-2021-38010", "PRION:CVE-2021-38011", "PRION:CVE-2021-38012", "PRION:CVE-2021-38013", "PRION:CVE-2021-38014", "PRION:CVE-2021-38015", "PRION:CVE-2021-38016", "PRION:CVE-2021-38017", "PRION:CVE-2021-38018", "PRION:CVE-2021-38019", "PRION:CVE-2021-38020", "PRION:CVE-2021-38021", "PRION:CVE-2021-38022", "PRION:CVE-2021-4098", "PRION:CVE-2021-4099", "PRION:CVE-2021-4100", "PRION:CVE-2021-4101", "PRION:CVE-2021-4102", "PRION:CVE-2022-0096", "PRION:CVE-2022-0097", "PRION:CVE-2022-0098", "PRION:CVE-2022-0099", "PRION:CVE-2022-0100", "PRION:CVE-2022-0101", "PRION:CVE-2022-0102", "PRION:CVE-2022-0103", "PRION:CVE-2022-0104", "PRION:CVE-2022-0105", "PRION:CVE-2022-0106", "PRION:CVE-2022-0107", "PRION:CVE-2022-0108", "PRION:CVE-2022-0109", "PRION:CVE-2022-0110", "PRION:CVE-2022-0111", "PRION:CVE-2022-0112", "PRION:CVE-2022-0113", "PRION:CVE-2022-0114", "PRION:CVE-2022-0115", "PRION:CVE-2022-0116", "PRION:CVE-2022-0117", "PRION:CVE-2022-0118", "PRION:CVE-2022-0120", "PRION:CVE-2022-0289", "PRION:CVE-2022-0290", "PRION:CVE-2022-0291", "PRION:CVE-2022-0292", "PRION:CVE-2022-0293", "PRION:CVE-2022-0294", "PRION:CVE-2022-0295", "PRION:CVE-2022-0296", "PRION:CVE-2022-0297", "PRION:CVE-2022-0298", "PRION:CVE-2022-0300", "PRION:CVE-2022-0301", "PRION:CVE-2022-0302", "PRION:CVE-2022-0304", "PRION:CVE-2022-0305", "PRION:CVE-2022-0306", "PRION:CVE-2022-0307", "PRION:CVE-2022-0308", "PRION:CVE-2022-0309", "PRION:CVE-2022-0310", "PRION:CVE-2022-0311"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911", "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:20364300767E58631FFE0D21622E63A3", "RAPID7BLOG:73EAE8A2825E9B6764F314122B4E5F25", "RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046", "RAPID7BLOG:DE426F8A59CA497BB6C0B90C0F1849CD"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-30577", "RH:CVE-2021-30586", "RH:CVE-2021-30598", "RH:CVE-2021-30610", "RH:CVE-2021-30616", "RH:CVE-2021-30621", "RH:CVE-2021-30624", "RH:CVE-2021-37959", "RH:CVE-2021-37961", "RH:CVE-2021-37970", "RH:CVE-2021-37975", "RH:CVE-2021-37981", "RH:CVE-2021-37984", "RH:CVE-2021-38000", "RH:CVE-2021-38009", "RH:CVE-2022-0096", "RH:CVE-2022-0103", "RH:CVE-2022-0118", "RH:CVE-2022-0303", "RH:CVE-2022-0304", "RH:CVE-2022-0305", "RH:CVE-2022-0307", "RH:CVE-2022-0310"]}, {"type": "securelist", "idList": ["SECURELIST:C540EBB7FD8B7FB9E54E119E88DB5C48"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1131-1", "OPENSUSE-SU-2021:1144-1", "OPENSUSE-SU-2021:1172-1", "OPENSUSE-SU-2021:1180-1", "OPENSUSE-SU-2021:1209-1", "OPENSUSE-SU-2021:1221-1", "OPENSUSE-SU-2021:1300-1", "OPENSUSE-SU-2021:1303-1", "OPENSUSE-SU-2021:1310-1", "OPENSUSE-SU-2021:1330-1", "OPENSUSE-SU-2021:1339-1", "OPENSUSE-SU-2021:1350-1", "OPENSUSE-SU-2021:1358-1", "OPENSUSE-SU-2021:1392-1", "OPENSUSE-SU-2021:1396-1", "OPENSUSE-SU-2021:1433-1", "OPENSUSE-SU-2021:1434-1", "OPENSUSE-SU-2021:1462-1", "OPENSUSE-SU-2021:1488-1", "OPENSUSE-SU-2021:1489-1", "OPENSUSE-SU-2021:1582-1", "OPENSUSE-SU-2021:1600-1", "OPENSUSE-SU-2021:1632-1", "OPENSUSE-SU-2022:0014-1", "OPENSUSE-SU-2022:0019-1", "OPENSUSE-SU-2022:0047-1", "OPENSUSE-SU-2022:0070-1", "OPENSUSE-SU-2022:0110-1"]}, {"type": "talos", "idList": ["TALOS-2021-1348", "TALOS-2021-1352", "TALOS-2021-1372", "TALOS-2021-1398"]}, {"type": "talosblog", "idList": ["TALOSBLOG:19A970885FC181F6A961E85781A8A818"]}, {"type": "thn", "idList": ["THN:1A836FDDE57334BC4DAFA65E6DFA02E4", "THN:4CC79A3CEFEDEB0DC9CF87C5B9035209", "THN:50D7C51FE6D69FC5DB5B37402AD0E412", "THN:5DCF4FF1D8F641348F799D406F8DB1F1", "THN:6A9CD6F085628D08978727C0FF597535", "THN:7323080B670457C9B10250332ADE8B87", "THN:B7217784F9D53002315C9C43CCC73766", "THN:C6CED16C5E8707F2EF9BD08516F7456C"]}, {"type": "threatpost", "idList": ["THREATPOST:3697F9293A6DFF6CD5927E9E68FF488A", "THREATPOST:45B63C766965F5748AEC30DE709C8003", "THREATPOST:88DD5812D3C8652E304F32507E4F68DD", "THREATPOST:C6B47B678F2F0E21955D4053DE13FA64"]}, {"type": "ubuntu", "idList": ["USN-6061-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-30565", "UB:CVE-2021-30566", "UB:CVE-2021-30567", "UB:CVE-2021-30568", "UB:CVE-2021-30569", "UB:CVE-2021-30571", "UB:CVE-2021-30572", "UB:CVE-2021-30573", "UB:CVE-2021-30574", "UB:CVE-2021-30575", "UB:CVE-2021-30576", "UB:CVE-2021-30577", "UB:CVE-2021-30578", "UB:CVE-2021-30579", "UB:CVE-2021-30580", "UB:CVE-2021-30581", "UB:CVE-2021-30582", "UB:CVE-2021-30583", "UB:CVE-2021-30584", "UB:CVE-2021-30585", "UB:CVE-2021-30586", "UB:CVE-2021-30587", "UB:CVE-2021-30588", "UB:CVE-2021-30589", "UB:CVE-2021-30590", "UB:CVE-2021-30591", "UB:CVE-2021-30592", "UB:CVE-2021-30593", "UB:CVE-2021-30594", "UB:CVE-2021-30596", "UB:CVE-2021-30597", "UB:CVE-2021-30598", "UB:CVE-2021-30599", "UB:CVE-2021-30600", "UB:CVE-2021-30601", "UB:CVE-2021-30602", "UB:CVE-2021-30603", "UB:CVE-2021-30604", "UB:CVE-2021-30606", "UB:CVE-2021-30607", "UB:CVE-2021-30608", "UB:CVE-2021-30609", "UB:CVE-2021-30610", "UB:CVE-2021-30611", "UB:CVE-2021-30612", "UB:CVE-2021-30613", "UB:CVE-2021-30614", "UB:CVE-2021-30615", "UB:CVE-2021-30616", "UB:CVE-2021-30617", "UB:CVE-2021-30618", "UB:CVE-2021-30619", "UB:CVE-2021-30620", "UB:CVE-2021-30621", "UB:CVE-2021-30622", "UB:CVE-2021-30623", "UB:CVE-2021-30624", "UB:CVE-2021-30625", "UB:CVE-2021-30626", "UB:CVE-2021-30627", "UB:CVE-2021-30628", "UB:CVE-2021-30629", "UB:CVE-2021-30630", "UB:CVE-2021-30631", "UB:CVE-2021-30632", "UB:CVE-2021-30633", "UB:CVE-2021-37956", "UB:CVE-2021-37957", "UB:CVE-2021-37958", "UB:CVE-2021-37959", "UB:CVE-2021-37960", "UB:CVE-2021-37961", "UB:CVE-2021-37962", "UB:CVE-2021-37963", "UB:CVE-2021-37965", "UB:CVE-2021-37966", "UB:CVE-2021-37967", "UB:CVE-2021-37968", "UB:CVE-2021-37970", "UB:CVE-2021-37971", "UB:CVE-2021-37973", "UB:CVE-2021-37974", "UB:CVE-2021-37975", "UB:CVE-2021-37976", "UB:CVE-2021-37977", "UB:CVE-2021-37978", "UB:CVE-2021-37979", "UB:CVE-2021-37981", "UB:CVE-2021-37982", "UB:CVE-2021-37983", "UB:CVE-2021-37984", "UB:CVE-2021-37985", "UB:CVE-2021-37986", "UB:CVE-2021-37987", "UB:CVE-2021-37988", "UB:CVE-2021-37989", "UB:CVE-2021-37990", "UB:CVE-2021-37991", "UB:CVE-2021-37992", "UB:CVE-2021-37993", "UB:CVE-2021-37994", "UB:CVE-2021-37995", "UB:CVE-2021-37996", "UB:CVE-2021-37997", "UB:CVE-2021-37998", "UB:CVE-2021-37999", "UB:CVE-2021-38000", "UB:CVE-2021-38001", "UB:CVE-2021-38002", "UB:CVE-2021-38003", "UB:CVE-2021-38005", "UB:CVE-2021-38006", "UB:CVE-2021-38007", "UB:CVE-2021-38008", "UB:CVE-2021-38009", "UB:CVE-2021-38010", "UB:CVE-2021-38011", "UB:CVE-2021-38012", "UB:CVE-2021-38013", "UB:CVE-2021-38014", "UB:CVE-2021-38015", "UB:CVE-2021-38016", "UB:CVE-2021-38017", "UB:CVE-2021-38018", "UB:CVE-2021-38019", "UB:CVE-2021-38020", "UB:CVE-2021-38021", "UB:CVE-2021-38022", "UB:CVE-2021-4098", "UB:CVE-2021-4099", "UB:CVE-2021-4100", "UB:CVE-2021-4101", "UB:CVE-2021-4102", "UB:CVE-2022-0096", "UB:CVE-2022-0097", "UB:CVE-2022-0098", "UB:CVE-2022-0099", "UB:CVE-2022-0100", "UB:CVE-2022-0101", "UB:CVE-2022-0102", "UB:CVE-2022-0103", "UB:CVE-2022-0104", "UB:CVE-2022-0105", "UB:CVE-2022-0106", "UB:CVE-2022-0107", "UB:CVE-2022-0108", "UB:CVE-2022-0109", "UB:CVE-2022-0110", "UB:CVE-2022-0111", "UB:CVE-2022-0112", "UB:CVE-2022-0113", "UB:CVE-2022-0114", "UB:CVE-2022-0115", "UB:CVE-2022-0116", "UB:CVE-2022-0117", "UB:CVE-2022-0118", "UB:CVE-2022-0120", "UB:CVE-2022-0289", "UB:CVE-2022-0290", "UB:CVE-2022-0291", "UB:CVE-2022-0292", "UB:CVE-2022-0293", "UB:CVE-2022-0294", "UB:CVE-2022-0295", "UB:CVE-2022-0296", "UB:CVE-2022-0297", "UB:CVE-2022-0298", "UB:CVE-2022-0300", "UB:CVE-2022-0301", "UB:CVE-2022-0302", "UB:CVE-2022-0303", "UB:CVE-2022-0304", "UB:CVE-2022-0305", "UB:CVE-2022-0306", "UB:CVE-2022-0307", "UB:CVE-2022-0308", "UB:CVE-2022-0309", "UB:CVE-2022-0310", "UB:CVE-2022-0311"]}, {"type": "veracode", "idList": ["VERACODE:31311", "VERACODE:31312", "VERACODE:31313", "VERACODE:31318", "VERACODE:31319", "VERACODE:31328", "VERACODE:31329", "VERACODE:31330", "VERACODE:31333", "VERACODE:31334", "VERACODE:31335", "VERACODE:31839", "VERACODE:31840", "VERACODE:31841", "VERACODE:31842", "VERACODE:31843", "VERACODE:31900", "VERACODE:31901", "VERACODE:31902", "VERACODE:31903", "VERACODE:31904", "VERACODE:31905", "VERACODE:31906", "VERACODE:31910", "VERACODE:31911", "VERACODE:32086", "VERACODE:32087", "VERACODE:32088", "VERACODE:32089", "VERACODE:32090", "VERACODE:32091", "VERACODE:32092", "VERACODE:32093", "VERACODE:32094", "VERACODE:32095", "VERACODE:32096", "VERACODE:32097", "VERACODE:32098", "VERACODE:32099", "VERACODE:32100", "VERACODE:32101", "VERACODE:32102", "VERACODE:32103", "VERACODE:32104", "VERACODE:32105", "VERACODE:32106", "VERACODE:32107", "VERACODE:32108", "VERACODE:32112", "VERACODE:32113", "VERACODE:32114", "VERACODE:32115", "VERACODE:32410", "VERACODE:32411", "VERACODE:32412", "VERACODE:32413", "VERACODE:32414", "VERACODE:32415", "VERACODE:32416", "VERACODE:32418", "VERACODE:32419", "VERACODE:32420", "VERACODE:32421", "VERACODE:32423", "VERACODE:32424", "VERACODE:32426", "VERACODE:32427", "VERACODE:32428", "VERACODE:32429", "VERACODE:32659", "VERACODE:32660", "VERACODE:32863", "VERACODE:32864", "VERACODE:32865", "VERACODE:32866", "VERACODE:32867", "VERACODE:32868", "VERACODE:32869", "VERACODE:32870", "VERACODE:32871", "VERACODE:32872", "VERACODE:32873", "VERACODE:32874", "VERACODE:32875", "VERACODE:32876", "VERACODE:32877", "VERACODE:32878", "VERACODE:32879", "VERACODE:32880", "VERACODE:32881", "VERACODE:32882", "VERACODE:32883", "VERACODE:32884", "VERACODE:32885", "VERACODE:33056", "VERACODE:33258", "VERACODE:33259", "VERACODE:33260", "VERACODE:33261", "VERACODE:33262", "VERACODE:33263", "VERACODE:33264", "VERACODE:33265", "VERACODE:33266", "VERACODE:33267", "VERACODE:33268", "VERACODE:33433", "VERACODE:33445", "VERACODE:33446", "VERACODE:33661", "VERACODE:33662", "VERACODE:33663", "VERACODE:33664", "VERACODE:33665", "VERACODE:33666", "VERACODE:33667", "VERACODE:33668", "VERACODE:33669", "VERACODE:33670", "VERACODE:33671", "VERACODE:33672", "VERACODE:33673", "VERACODE:33674", "VERACODE:33675", "VERACODE:33676", "VERACODE:33677", "VERACODE:33678", "VERACODE:33679", "VERACODE:33680", "VERACODE:33681", "VERACODE:33682", "VERACODE:33683", "VERACODE:33684", "VERACODE:33685", "VERACODE:33686", "VERACODE:33687", "VERACODE:33688", "VERACODE:33689", "VERACODE:33690", "VERACODE:33691", "VERACODE:33784", "VERACODE:33785", "VERACODE:33833", "VERACODE:33834", "VERACODE:33835", "VERACODE:33836", "VERACODE:33837", "VERACODE:33838", "VERACODE:33839", "VERACODE:33840", "VERACODE:33841", "VERACODE:33842", "VERACODE:33843", "VERACODE:33844", "VERACODE:33845", "VERACODE:33846", "VERACODE:33847", "VERACODE:33848", "VERACODE:33849", "VERACODE:33850", "VERACODE:33851", "VERACODE:33852", "VERACODE:33853", "VERACODE:33854"]}]}, "score": {"value": 8.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "archlinux", "idList": ["ASA-202107-47", "ASA-202107-74", "ASA-202108-4", "ASA-202108-5", "ASA-202108-6", "ASA-202109-6", "ASA-202111-8", "ASA-202111-9"]}, {"type": "attackerkb", "idList": ["AKB:16678767-3DE3-4BA4-8797-50D3F72B2B5C"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0685"]}, {"type": "chrome", "idList": ["GCSA-1169691578072612224", "GCSA-1656672544346881992", "GCSA-2371492188806762489", "GCSA-2471449198019300311", "GCSA-2705646769654617144", "GCSA-4605650058444101231", "GCSA-53254084301211911", "GCSA-6006518675849485979", "GCSA-6082209000390727773", "GCSA-6179617491562660930", "GCSA-7342407883646540962", "GCSA-8146707100851062467", "GCSA-8579736825619455708"]}, {"type": "cisa", "idList": ["CISA:A18F08DE3E2F1C8CB8076BD5F052EFA3"]}, {"type": "cve", "idList": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30580", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30583", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30586", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30589", "CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624", "CVE-2021-30631", "CVE-2021-37960", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996", "CVE-2021-37997", "CVE-2021-37998", "CVE-2021-37999", "CVE-2021-38000", "CVE-2021-38001", "CVE-2021-38002", "CVE-2021-38003"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5046-1:A18C0"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-30565", "DEBIANCVE:CVE-2021-30566", "DEBIANCVE:CVE-2021-30567", "DEBIANCVE:CVE-2021-30568", "DEBIANCVE:CVE-2021-30569", "DEBIANCVE:CVE-2021-30571", "DEBIANCVE:CVE-2021-30572", "DEBIANCVE:CVE-2021-30573", "DEBIANCVE:CVE-2021-30574", "DEBIANCVE:CVE-2021-30575", "DEBIANCVE:CVE-2021-30576", "DEBIANCVE:CVE-2021-30577", "DEBIANCVE:CVE-2021-30578", "DEBIANCVE:CVE-2021-30579", "DEBIANCVE:CVE-2021-30580", "DEBIANCVE:CVE-2021-30581", "DEBIANCVE:CVE-2021-30582", "DEBIANCVE:CVE-2021-30583", "DEBIANCVE:CVE-2021-30584", "DEBIANCVE:CVE-2021-30585", "DEBIANCVE:CVE-2021-30586", "DEBIANCVE:CVE-2021-30587", "DEBIANCVE:CVE-2021-30588", "DEBIANCVE:CVE-2021-30589", "DEBIANCVE:CVE-2021-30590", "DEBIANCVE:CVE-2021-30591", "DEBIANCVE:CVE-2021-30592", "DEBIANCVE:CVE-2021-30593", "DEBIANCVE:CVE-2021-30594", "DEBIANCVE:CVE-2021-30596", "DEBIANCVE:CVE-2021-30597", "DEBIANCVE:CVE-2021-30598", "DEBIANCVE:CVE-2021-30599", "DEBIANCVE:CVE-2021-30600", "DEBIANCVE:CVE-2021-30601", "DEBIANCVE:CVE-2021-30602", "DEBIANCVE:CVE-2021-30603", "DEBIANCVE:CVE-2021-30604", "DEBIANCVE:CVE-2021-30606", "DEBIANCVE:CVE-2021-30607", "DEBIANCVE:CVE-2021-30608", "DEBIANCVE:CVE-2021-30609", "DEBIANCVE:CVE-2021-30610", "DEBIANCVE:CVE-2021-30611", "DEBIANCVE:CVE-2021-30612", "DEBIANCVE:CVE-2021-30613", "DEBIANCVE:CVE-2021-30614", "DEBIANCVE:CVE-2021-30615", "DEBIANCVE:CVE-2021-30616", "DEBIANCVE:CVE-2021-30617", "DEBIANCVE:CVE-2021-30618", "DEBIANCVE:CVE-2021-30619", "DEBIANCVE:CVE-2021-30620", "DEBIANCVE:CVE-2021-30621", "DEBIANCVE:CVE-2021-30622", "DEBIANCVE:CVE-2021-30623", "DEBIANCVE:CVE-2021-30624", "DEBIANCVE:CVE-2021-30625", "DEBIANCVE:CVE-2021-30626", "DEBIANCVE:CVE-2021-30627", "DEBIANCVE:CVE-2021-30628", "DEBIANCVE:CVE-2021-30629", "DEBIANCVE:CVE-2021-30630", "DEBIANCVE:CVE-2021-30632", "DEBIANCVE:CVE-2021-30633", "DEBIANCVE:CVE-2021-37956", "DEBIANCVE:CVE-2021-37957", "DEBIANCVE:CVE-2021-37958", "DEBIANCVE:CVE-2021-37959", "DEBIANCVE:CVE-2021-37961", "DEBIANCVE:CVE-2021-37962", "DEBIANCVE:CVE-2021-37963", "DEBIANCVE:CVE-2021-37965", "DEBIANCVE:CVE-2021-37966", "DEBIANCVE:CVE-2021-37967", "DEBIANCVE:CVE-2021-37968", "DEBIANCVE:CVE-2021-37970", "DEBIANCVE:CVE-2021-37971", "DEBIANCVE:CVE-2021-37973", "DEBIANCVE:CVE-2021-37974", "DEBIANCVE:CVE-2021-37975", "DEBIANCVE:CVE-2021-37976", "DEBIANCVE:CVE-2021-37977", "DEBIANCVE:CVE-2021-37978", "DEBIANCVE:CVE-2021-37979", "DEBIANCVE:CVE-2021-37981", "DEBIANCVE:CVE-2021-37982", "DEBIANCVE:CVE-2021-37983", "DEBIANCVE:CVE-2021-37984", "DEBIANCVE:CVE-2021-37985", "DEBIANCVE:CVE-2021-37986", "DEBIANCVE:CVE-2021-37987", "DEBIANCVE:CVE-2021-37988", "DEBIANCVE:CVE-2021-37989", "DEBIANCVE:CVE-2021-37990", "DEBIANCVE:CVE-2021-37991", "DEBIANCVE:CVE-2021-37992", "DEBIANCVE:CVE-2021-37993", "DEBIANCVE:CVE-2021-37994", "DEBIANCVE:CVE-2021-37995", "DEBIANCVE:CVE-2021-37996", "DEBIANCVE:CVE-2021-37997", "DEBIANCVE:CVE-2021-37998", "DEBIANCVE:CVE-2021-37999", "DEBIANCVE:CVE-2021-38000", "DEBIANCVE:CVE-2021-38001", "DEBIANCVE:CVE-2021-38002", "DEBIANCVE:CVE-2021-38003"]}, {"type": "fedora", "idList": ["FEDORA:54EF9304CB93", "FEDORA:6E174304C6DC", "FEDORA:B923630946D6"]}, {"type": "freebsd", "idList": ["128DEBA6-FF56-11EB-8514-3065EC8FD3EC", "47B571F2-157B-11EC-AE98-704D7B472482", "76487640-EA29-11EB-A686-3065EC8FD3EC", "A7732806-0B2A-11EC-836B-3065EC8FD3EC", "B8C0CBCA-472D-11EC-83DC-3065EC8FD3EC", "C3C6C4A3-F47D-11EB-B632-3065EC8FD3EC", "FB9BA490-5CC4-11EC-AAC7-3065EC8FD3EC"]}, {"type": "githubexploit", "idList": ["32BEE5C7-0E79-59A0-BA93-AB01FA18AF14", "5BC9FD05-BCBB-5B7C-AE22-BE3732D2976B", "795FA590-8E97-5C33-A401-7C3EFECA9A25", "C2541EBF-1196-56DE-A74C-2B851CA3CE08", "D03F8616-CD02-52E2-80E1-347A8A3132BC"]}, {"type": "hivepro", "idList": ["HIVEPRO:8AF52D0A3BB6DDEEAC663A63DA954039", "HIVEPRO:F243DF43F7B996BA4E54A801D8E23724"]}, {"type": "kaspersky", "idList": ["KLA12236", "KLA12243", "KLA12249", "KLA12271", "KLA12351", "KLA12413"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:390E663F11CA04293C83488A40CB3A8A"]}, {"type": "mscve", "idList": ["MS:CVE-2021-30565", "MS:CVE-2021-30566", "MS:CVE-2021-30567", "MS:CVE-2021-30568", "MS:CVE-2021-30569", "MS:CVE-2021-30571", "MS:CVE-2021-30572", "MS:CVE-2021-30573", "MS:CVE-2021-30574", "MS:CVE-2021-30575", "MS:CVE-2021-30576", "MS:CVE-2021-30577", "MS:CVE-2021-30578", "MS:CVE-2021-30579", "MS:CVE-2021-30580", "MS:CVE-2021-30581", "MS:CVE-2021-30582", "MS:CVE-2021-30583", "MS:CVE-2021-30584", "MS:CVE-2021-30585", "MS:CVE-2021-30586", "MS:CVE-2021-30587", "MS:CVE-2021-30588", "MS:CVE-2021-30589", "MS:CVE-2021-30590", "MS:CVE-2021-30591", "MS:CVE-2021-30592", "MS:CVE-2021-30593", "MS:CVE-2021-30594", "MS:CVE-2021-30596", "MS:CVE-2021-30597", "MS:CVE-2021-30598", "MS:CVE-2021-30599", "MS:CVE-2021-30601", "MS:CVE-2021-30602", "MS:CVE-2021-30603", "MS:CVE-2021-30604", "MS:CVE-2021-30606", "MS:CVE-2021-30607", "MS:CVE-2021-30608", "MS:CVE-2021-30609", "MS:CVE-2021-30610", "MS:CVE-2021-30611", "MS:CVE-2021-30612", "MS:CVE-2021-30613", "MS:CVE-2021-30614", "MS:CVE-2021-30615", "MS:CVE-2021-30616", "MS:CVE-2021-30617", "MS:CVE-2021-30618", "MS:CVE-2021-30619", "MS:CVE-2021-30620", "MS:CVE-2021-30621", "MS:CVE-2021-30622", "MS:CVE-2021-30623", "MS:CVE-2021-30624", "MS:CVE-2021-30625", "MS:CVE-2021-30626", "MS:CVE-2021-30627", "MS:CVE-2021-30628", "MS:CVE-2021-30629", "MS:CVE-2021-30630", "MS:CVE-2021-30631", "MS:CVE-2021-30632", "MS:CVE-2021-30633", "MS:CVE-2021-37956", "MS:CVE-2021-37957", "MS:CVE-2021-37958", "MS:CVE-2021-37959", "MS:CVE-2021-37960", "MS:CVE-2021-37961", "MS:CVE-2021-37962", "MS:CVE-2021-37963", "MS:CVE-2021-37965", "MS:CVE-2021-37966", "MS:CVE-2021-37967", "MS:CVE-2021-37968", "MS:CVE-2021-37970", "MS:CVE-2021-37971", "MS:CVE-2021-37973", "MS:CVE-2021-38005", "MS:CVE-2021-38006", "MS:CVE-2021-38007", "MS:CVE-2021-38008", "MS:CVE-2021-38009", "MS:CVE-2021-38010", "MS:CVE-2021-38011", "MS:CVE-2021-38012", "MS:CVE-2021-38013", "MS:CVE-2021-38014", "MS:CVE-2021-38015", "MS:CVE-2021-38016", "MS:CVE-2021-38017", "MS:CVE-2021-38018", "MS:CVE-2021-38019", "MS:CVE-2021-38020", "MS:CVE-2021-38021", "MS:CVE-2021-38022", "MS:CVE-2021-4098", "MS:CVE-2021-4099", "MS:CVE-2021-4100", "MS:CVE-2021-4101", "MS:CVE-2021-4102"]}, {"type": "nessus", "idList": ["701369.PASL", "701370.PASL", "701375.PASL", "701377.PASL", "701378.PASL", "FREEBSD_PKG_128DEBA6FF5611EB85143065EC8FD3EC.NASL", "FREEBSD_PKG_47B571F2157B11ECAE98704D7B472482.NASL", "FREEBSD_PKG_76487640EA2911EBA6863065EC8FD3EC.NASL", "FREEBSD_PKG_A77328060B2A11EC836B3065EC8FD3EC.NASL", "FREEBSD_PKG_C3C6C4A3F47D11EBB6323065EC8FD3EC.NASL", "FREEBSD_PKG_FB9BA4905CC411ECAAC73065EC8FD3EC.NASL", "GOOGLE_CHROME_92_0_4515_107.NASL", "GOOGLE_CHROME_92_0_4515_131.NASL", "GOOGLE_CHROME_92_0_4515_159.NASL", "GOOGLE_CHROME_93_0_4577_63.NASL", "GOOGLE_CHROME_93_0_4577_82.NASL", "GOOGLE_CHROME_94_0_4606_54.NASL", "GOOGLE_CHROME_94_0_4606_61.NASL", "GOOGLE_CHROME_96_0_4664_110.NASL", "GOOGLE_CHROME_96_0_4664_45.NASL", "MACOSX_GOOGLE_CHROME_92_0_4515_107.NASL", "MACOSX_GOOGLE_CHROME_92_0_4515_131.NASL", "MACOSX_GOOGLE_CHROME_92_0_4515_159.NASL", "MACOSX_GOOGLE_CHROME_93_0_4577_63.NASL", "MACOSX_GOOGLE_CHROME_93_0_4577_82.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_54.NASL", "MACOSX_GOOGLE_CHROME_94_0_4606_61.NASL", "MACOSX_GOOGLE_CHROME_96_0_4664_110.NASL", "MACOSX_GOOGLE_CHROME_96_0_4664_45.NASL", "MICROSOFT_EDGE_CHROMIUM_92_0_902_55.NASL", "MICROSOFT_EDGE_CHROMIUM_92_0_902_67.NASL", "MICROSOFT_EDGE_CHROMIUM_93_0_961_38.NASL", "MICROSOFT_EDGE_CHROMIUM_93_0_961_47.NASL", "MICROSOFT_EDGE_CHROMIUM_93_0_961_52.NASL", "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "MICROSOFT_EDGE_CHROMIUM_96_0_1052_29.NASL", "OPENSUSE-2021-1144.NASL", "OPENSUSE-2021-1221.NASL", "OPENSUSE-2021-1300.NASL", "OPENSUSE-2021-1303.NASL", "OPENSUSE-2021-1433.NASL", "OPENSUSE-2021-1488.NASL"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:20364300767E58631FFE0D21622E63A3", "RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046", "RAPID7BLOG:DE426F8A59CA497BB6C0B90C0F1849CD"]}, {"type": "securelist", "idList": ["SECURELIST:C540EBB7FD8B7FB9E54E119E88DB5C48"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1131-1", "OPENSUSE-SU-2021:1144-1", "OPENSUSE-SU-2021:1172-1", "OPENSUSE-SU-2021:1180-1", "OPENSUSE-SU-2021:1221-1", "OPENSUSE-SU-2021:1300-1", "OPENSUSE-SU-2021:1303-1", "OPENSUSE-SU-2021:1310-1", "OPENSUSE-SU-2021:1488-1", "OPENSUSE-SU-2021:1489-1"]}, {"type": "talos", "idList": ["TALOS-2021-1348"]}, {"type": "thn", "idList": ["THN:1A836FDDE57334BC4DAFA65E6DFA02E4", "THN:4CC79A3CEFEDEB0DC9CF87C5B9035209", "THN:6A9CD6F085628D08978727C0FF597535"]}, {"type": "threatpost", "idList": ["THREATPOST:88DD5812D3C8652E304F32507E4F68DD"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-30565", "UB:CVE-2021-30566", "UB:CVE-2021-30567", "UB:CVE-2021-30568", "UB:CVE-2021-30569", "UB:CVE-2021-30571", "UB:CVE-2021-30572", "UB:CVE-2021-30573", "UB:CVE-2021-30574", "UB:CVE-2021-30575", "UB:CVE-2021-30576", "UB:CVE-2021-30577", "UB:CVE-2021-30578", "UB:CVE-2021-30579", "UB:CVE-2021-30580", "UB:CVE-2021-30581", "UB:CVE-2021-30582", "UB:CVE-2021-30583", "UB:CVE-2021-30584", "UB:CVE-2021-30585", "UB:CVE-2021-30586", "UB:CVE-2021-30587", "UB:CVE-2021-30588", "UB:CVE-2021-30589", "UB:CVE-2021-30590", "UB:CVE-2021-30591", "UB:CVE-2021-30592", "UB:CVE-2021-30593", "UB:CVE-2021-30594", "UB:CVE-2021-30596", "UB:CVE-2021-30597", "UB:CVE-2021-30606", "UB:CVE-2021-30607", "UB:CVE-2021-30608", "UB:CVE-2021-30609", "UB:CVE-2021-30610", "UB:CVE-2021-30611", "UB:CVE-2021-30612", "UB:CVE-2021-30613", "UB:CVE-2021-30614", "UB:CVE-2021-30615", "UB:CVE-2021-30616", "UB:CVE-2021-30617", "UB:CVE-2021-30618", "UB:CVE-2021-30619", "UB:CVE-2021-30620", "UB:CVE-2021-30621", "UB:CVE-2021-30622", "UB:CVE-2021-30623", "UB:CVE-2021-30624", "UB:CVE-2021-30625", "UB:CVE-2021-30626", "UB:CVE-2021-30627", "UB:CVE-2021-30628", "UB:CVE-2021-30629", "UB:CVE-2021-30630", "UB:CVE-2021-30631", "UB:CVE-2021-30632", "UB:CVE-2021-30633", "UB:CVE-2021-37956", "UB:CVE-2021-37957", "UB:CVE-2021-37958", "UB:CVE-2021-37959", "UB:CVE-2021-37960", "UB:CVE-2021-37961", "UB:CVE-2021-37962", "UB:CVE-2021-37963", "UB:CVE-2021-37965", "UB:CVE-2021-37966", "UB:CVE-2021-37967", "UB:CVE-2021-37968", "UB:CVE-2021-37970", "UB:CVE-2021-37971", "UB:CVE-2021-37997", "UB:CVE-2021-37998", "UB:CVE-2021-37999", "UB:CVE-2021-38000", "UB:CVE-2021-38001", "UB:CVE-2021-38002", "UB:CVE-2021-4098", "UB:CVE-2021-4099", "UB:CVE-2021-4100", "UB:CVE-2021-4101", "UB:CVE-2021-4102", "UB:CVE-2022-0117", "UB:CVE-2022-0118", "UB:CVE-2022-0120"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2021-30565", "epss": 0.00205, "percentile": 0.57021, "modified": "2023-05-03"}, {"cve": "CVE-2021-30566", "epss": 0.00379, "percentile": 0.68837, "modified": "2023-05-03"}, {"cve": "CVE-2021-30567", "epss": 0.0021, "percentile": 0.57449, "modified": "2023-05-03"}, {"cve": "CVE-2021-30568", "epss": 0.00358, "percentile": 0.67913, "modified": "2023-05-03"}, {"cve": "CVE-2021-30569", "epss": 0.004, "percentile": 0.69699, "modified": "2023-05-03"}, {"cve": "CVE-2021-30571", "epss": 0.00259, "percentile": 0.62174, "modified": "2023-05-03"}, {"cve": "CVE-2021-30572", "epss": 0.00358, "percentile": 0.6795, "modified": "2023-05-03"}, {"cve": "CVE-2021-30573", "epss": 0.00358, "percentile": 0.6795, "modified": "2023-05-03"}, {"cve": "CVE-2021-30574", "epss": 0.00358, "percentile": 0.6795, "modified": "2023-05-03"}, {"cve": "CVE-2021-30575", "epss": 0.00526, "percentile": 0.73528, "modified": "2023-05-03"}, {"cve": "CVE-2021-30576", "epss": 0.00182, "percentile": 0.54017, "modified": "2023-05-03"}, {"cve": "CVE-2021-30577", "epss": 0.00085, "percentile": 0.34623, "modified": "2023-05-03"}, {"cve": "CVE-2021-30578", "epss": 0.00508, "percentile": 0.73084, "modified": "2023-05-03"}, {"cve": "CVE-2021-30579", "epss": 0.00358, "percentile": 0.6795, "modified": "2023-05-03"}, {"cve": "CVE-2021-30580", "epss": 0.00229, "percentile": 0.59553, "modified": "2023-05-03"}, {"cve": "CVE-2021-30581", "epss": 0.00182, "percentile": 0.54017, "modified": "2023-05-03"}, {"cve": "CVE-2021-30582", "epss": 0.04401, "percentile": 0.91125, "modified": "2023-05-03"}, {"cve": "CVE-2021-30583", "epss": 0.01347, "percentile": 0.84114, "modified": "2023-05-03"}, {"cve": "CVE-2021-30584", "epss": 0.00293, "percentile": 0.64537, "modified": "2023-05-03"}, {"cve": "CVE-2021-30585", "epss": 0.004, "percentile": 0.69699, "modified": "2023-05-03"}, {"cve": "CVE-2021-30586", "epss": 0.00194, "percentile": 0.55705, "modified": "2023-05-03"}, {"cve": "CVE-2021-30587", "epss": 0.00639, "percentile": 0.7615, "modified": "2023-05-03"}, {"cve": "CVE-2021-30588", "epss": 0.00508, "percentile": 0.73084, "modified": "2023-05-03"}, {"cve": "CVE-2021-30589", "epss": 0.0022, "percentile": 0.58642, "modified": "2023-05-03"}, {"cve": "CVE-2021-30590", "epss": 0.003, "percentile": 0.64925, "modified": "2023-05-03"}, {"cve": "CVE-2021-30591", "epss": 0.00284, "percentile": 0.63961, "modified": "2023-05-03"}, {"cve": "CVE-2021-30592", "epss": 0.00205, "percentile": 0.57021, "modified": "2023-05-03"}, {"cve": "CVE-2021-30593", "epss": 0.00231, "percentile": 0.59804, "modified": "2023-05-03"}, {"cve": "CVE-2021-30594", "epss": 0.00146, "percentile": 0.49237, "modified": "2023-05-03"}, {"cve": "CVE-2021-30596", "epss": 0.00248, "percentile": 0.61188, "modified": "2023-05-03"}, {"cve": "CVE-2021-30597", "epss": 0.00146, "percentile": 0.49237, "modified": "2023-05-03"}, {"cve": "CVE-2021-30598", "epss": 0.00365, "percentile": 0.6822, "modified": "2023-05-03"}, {"cve": "CVE-2021-30599", "epss": 0.00644, "percentile": 0.76243, "modified": "2023-05-03"}, {"cve": "CVE-2021-30600", "epss": 0.00284, "percentile": 0.63961, "modified": "2023-05-03"}, {"cve": "CVE-2021-30601", "epss": 0.00205, "percentile": 0.57021, "modified": "2023-05-03"}, {"cve": "CVE-2021-30602", "epss": 0.00422, "percentile": 0.7042, "modified": "2023-05-03"}, {"cve": "CVE-2021-30603", "epss": 0.00555, "percentile": 0.74236, "modified": "2023-05-03"}, {"cve": "CVE-2021-30604", "epss": 0.00284, "percentile": 0.63961, "modified": "2023-05-03"}, {"cve": "CVE-2021-30606", "epss": 0.00314, "percentile": 0.65737, "modified": "2023-05-03"}, {"cve": "CVE-2021-30607", "epss": 0.00314, "percentile": 0.65737, "modified": "2023-05-03"}, {"cve": "CVE-2021-30608", "epss": 0.00198, "percentile": 0.56199, "modified": "2023-05-03"}, {"cve": "CVE-2021-30609", "epss": 0.00314, "percentile": 0.65737, "modified": "2023-05-03"}, {"cve": "CVE-2021-30610", "epss": 0.00242, "percentile": 0.60635, "modified": "2023-05-03"}, {"cve": "CVE-2021-30611", "epss": 0.00153, "percentile": 0.50082, "modified": "2023-05-03"}, {"cve": "CVE-2021-30612", "epss": 0.00198, "percentile": 0.56199, "modified": "2023-05-03"}, {"cve": "CVE-2021-30613", "epss": 0.00314, "percentile": 0.65737, "modified": "2023-05-03"}, {"cve": "CVE-2021-30614", "epss": 0.00385, "percentile": 0.69066, "modified": "2023-05-03"}, {"cve": "CVE-2021-30615", "epss": 0.00198, "percentile": 0.562, "modified": "2023-05-03"}, {"cve": "CVE-2021-30616", "epss": 0.00314, "percentile": 0.65737, "modified": "2023-05-03"}, {"cve": "CVE-2021-30617", "epss": 0.00117, "percentile": 0.44165, "modified": "2023-05-03"}, {"cve": "CVE-2021-30618", "epss": 0.0026, "percentile": 0.62253, "modified": "2023-05-03"}, {"cve": "CVE-2021-30619", "epss": 0.00166, "percentile": 0.5182, "modified": "2023-05-03"}, {"cve": "CVE-2021-30620", "epss": 0.0026, "percentile": 0.62253, "modified": "2023-05-03"}, {"cve": "CVE-2021-30621", "epss": 0.00166, "percentile": 0.5182, "modified": "2023-05-03"}, {"cve": "CVE-2021-30622", "epss": 0.00198, "percentile": 0.56199, "modified": "2023-05-03"}, {"cve": "CVE-2021-30623", "epss": 0.00314, "percentile": 0.65737, "modified": "2023-05-03"}, {"cve": "CVE-2021-30624", "epss": 0.00314, "percentile": 0.65737, "modified": "2023-05-03"}, {"cve": "CVE-2021-30625", "epss": 0.00173, "percentile": 0.52927, "modified": "2023-05-03"}, {"cve": "CVE-2021-30626", "epss": 0.00267, "percentile": 0.62742, "modified": "2023-05-03"}, {"cve": "CVE-2021-30627", "epss": 0.00267, "percentile": 0.62742, "modified": "2023-05-03"}, {"cve": "CVE-2021-30628", "epss": 0.00267, "percentile": 0.62742, "modified": "2023-05-03"}, {"cve": "CVE-2021-30629", "epss": 0.00378, "percentile": 0.68818, "modified": "2023-05-03"}, {"cve": "CVE-2021-30630", "epss": 0.00179, "percentile": 0.53536, "modified": "2023-05-03"}, {"cve": "CVE-2021-30632", "epss": 0.86698, "percentile": 0.98049, "modified": "2023-05-03"}, {"cve": "CVE-2021-30633", "epss": 0.00233, "percentile": 0.59944, "modified": "2023-05-03"}, {"cve": "CVE-2021-37956", "epss": 0.00227, "percentile": 0.59416, "modified": "2023-05-03"}, {"cve": "CVE-2021-37957", "epss": 0.00204, "percentile": 0.56872, "modified": "2023-05-03"}, {"cve": "CVE-2021-37958", "epss": 0.00338, "percentile": 0.67006, "modified": "2023-05-03"}, {"cve": "CVE-2021-37959", "epss": 0.00147, "percentile": 0.49374, "modified": "2023-05-03"}, {"cve": "CVE-2021-37961", "epss": 0.00227, "percentile": 0.59416, "modified": "2023-05-03"}, {"cve": "CVE-2021-37962", "epss": 0.00227, "percentile": 0.59416, "modified": "2023-05-03"}, {"cve": "CVE-2021-37963", "epss": 0.00341, "percentile": 0.67128, "modified": "2023-05-03"}, {"cve": "CVE-2021-37965", "epss": 0.00336, "percentile": 0.66938, "modified": "2023-05-03"}, {"cve": "CVE-2021-37966", "epss": 0.00237, "percentile": 0.60295, "modified": "2023-05-03"}, {"cve": "CVE-2021-37967", "epss": 0.00237, "percentile": 0.60295, "modified": "2023-05-03"}, {"cve": "CVE-2021-37968", "epss": 0.00477, "percentile": 0.72152, "modified": "2023-05-03"}, {"cve": "CVE-2021-37970", "epss": 0.00182, "percentile": 0.53996, "modified": "2023-05-03"}, {"cve": "CVE-2021-37971", "epss": 0.0039, "percentile": 0.69308, "modified": "2023-05-03"}, {"cve": "CVE-2021-37973", "epss": 0.00301, "percentile": 0.64982, "modified": "2023-05-03"}, {"cve": "CVE-2021-37974", "epss": 0.00329, "percentile": 0.66586, "modified": "2023-05-03"}, {"cve": "CVE-2021-37975", "epss": 0.52228, "percentile": 0.97029, "modified": "2023-05-03"}, {"cve": "CVE-2021-37976", "epss": 0.02814, "percentile": 0.89113, "modified": "2023-05-03"}, {"cve": "CVE-2021-37977", "epss": 0.00301, "percentile": 0.64959, "modified": "2023-05-03"}, {"cve": "CVE-2021-37978", "epss": 0.00212, "percentile": 0.57722, "modified": "2023-05-03"}, {"cve": "CVE-2021-37979", "epss": 0.00211, "percentile": 0.57575, "modified": "2023-05-03"}, {"cve": "CVE-2021-37981", "epss": 0.00175, "percentile": 0.53139, "modified": "2023-05-03"}, {"cve": "CVE-2021-37982", "epss": 0.00284, "percentile": 0.63957, "modified": "2023-05-03"}, {"cve": "CVE-2021-37983", "epss": 0.00284, "percentile": 0.63957, "modified": "2023-05-03"}, {"cve": "CVE-2021-37984", "epss": 0.002, "percentile": 0.56413, "modified": "2023-05-03"}, {"cve": "CVE-2021-37985", "epss": 0.00284, "percentile": 0.63957, "modified": "2023-05-03"}, {"cve": "CVE-2021-37986", "epss": 0.002, "percentile": 0.56413, "modified": "2023-05-03"}, {"cve": "CVE-2021-37987", "epss": 0.00284, "percentile": 0.63957, "modified": "2023-05-03"}, {"cve": "CVE-2021-37988", "epss": 0.00284, "percentile": 0.63957, "modified": "2023-05-03"}, {"cve": "CVE-2021-37989", "epss": 0.00182, "percentile": 0.54009, "modified": "2023-05-03"}, {"cve": "CVE-2021-37990", "epss": 0.00107, "percentile": 0.4211, "modified": "2023-05-03"}, {"cve": "CVE-2021-37991", "epss": 0.002, "percentile": 0.56413, "modified": "2023-05-03"}, {"cve": "CVE-2021-37992", "epss": 0.002, "percentile": 0.56413, "modified": "2023-05-03"}, {"cve": "CVE-2021-37993", "epss": 0.00284, "percentile": 0.63957, "modified": "2023-05-03"}, {"cve": "CVE-2021-37994", "epss": 0.00148, "percentile": 0.49448, "modified": "2023-05-03"}, {"cve": "CVE-2021-37995", "epss": 0.00182, "percentile": 0.54009, "modified": "2023-05-03"}, {"cve": "CVE-2021-37996", "epss": 0.00106, "percentile": 0.41857, "modified": "2023-05-03"}, {"cve": "CVE-2021-37997", "epss": 0.00241, "percentile": 0.60583, "modified": "2023-05-03"}, {"cve": "CVE-2021-37998", "epss": 0.00241, "percentile": 0.60583, "modified": "2023-05-03"}, {"cve": "CVE-2021-37999", "epss": 0.00148, "percentile": 0.49403, "modified": "2023-05-03"}, {"cve": "CVE-2021-38000", "epss": 0.00258, "percentile": 0.62059, "modified": "2023-05-03"}, {"cve": "CVE-2021-38001", "epss": 0.0017, "percentile": 0.52618, "modified": "2023-05-03"}, {"cve": "CVE-2021-38002", "epss": 0.00148, "percentile": 0.49482, "modified": "2023-05-03"}, {"cve": "CVE-2021-38003", "epss": 0.01295, "percentile": 0.83791, "modified": "2023-05-03"}, {"cve": "CVE-2021-38005", "epss": 0.00252, "percentile": 0.61576, "modified": "2023-05-03"}, {"cve": "CVE-2021-38006", "epss": 0.00252, "percentile": 0.61576, "modified": "2023-05-03"}, {"cve": "CVE-2021-38007", "epss": 0.00178, "percentile": 0.53472, "modified": "2023-05-03"}, {"cve": "CVE-2021-38008", "epss": 0.003, "percentile": 0.64907, "modified": "2023-05-03"}, {"cve": "CVE-2021-38009", "epss": 0.00218, "percentile": 0.58297, "modified": "2023-05-03"}, {"cve": "CVE-2021-38010", "epss": 0.00146, "percentile": 0.49198, "modified": "2023-05-03"}, {"cve": "CVE-2021-38011", "epss": 0.00252, "percentile": 0.61576, "modified": "2023-05-03"}, {"cve": "CVE-2021-38012", "epss": 0.00178, "percentile": 0.53472, "modified": "2023-05-03"}, {"cve": "CVE-2021-38013", "epss": 0.00186, "percentile": 0.54486, "modified": "2023-05-03"}, {"cve": "CVE-2021-38014", "epss": 0.00173, "percentile": 0.52975, "modified": "2023-05-03"}, {"cve": "CVE-2021-38015", "epss": 0.00115, "percentile": 0.43883, "modified": "2023-05-03"}, {"cve": "CVE-2021-38016", "epss": 0.00178, "percentile": 0.53472, "modified": "2023-05-03"}, {"cve": "CVE-2021-38017", "epss": 0.00178, "percentile": 0.53472, "modified": "2023-05-03"}, {"cve": "CVE-2021-38018", "epss": 0.00106, "percentile": 0.41649, "modified": "2023-05-03"}, {"cve": "CVE-2021-38019", "epss": 0.00214, "percentile": 0.57944, "modified": "2023-05-03"}, {"cve": "CVE-2021-38020", "epss": 0.00148, "percentile": 0.49406, "modified": "2023-05-03"}, {"cve": "CVE-2021-38021", "epss": 0.00146, "percentile": 0.49198, "modified": "2023-05-03"}, {"cve": "CVE-2021-38022", "epss": 0.00214, "percentile": 0.57944, "modified": "2023-05-03"}, {"cve": "CVE-2021-4098", "epss": 0.00102, "percentile": 0.40329, "modified": "2023-05-03"}, {"cve": "CVE-2021-4099", "epss": 0.00133, "percentile": 0.46907, "modified": "2023-05-03"}, {"cve": "CVE-2021-4100", "epss": 0.00133, "percentile": 0.46948, "modified": "2023-05-03"}, {"cve": "CVE-2021-4101", "epss": 0.00133, "percentile": 0.46948, "modified": "2023-05-03"}, {"cve": "CVE-2021-4102", "epss": 0.0051, "percentile": 0.73124, "modified": "2023-05-03"}, {"cve": "CVE-2022-0096", "epss": 0.00247, "percentile": 0.61107, "modified": "2023-05-03"}, {"cve": "CVE-2022-0097", "epss": 0.00121, "percentile": 0.44949, "modified": "2023-05-03"}, {"cve": "CVE-2022-0098", "epss": 0.00117, "percentile": 0.44282, "modified": "2023-05-03"}, {"cve": "CVE-2022-0099", "epss": 0.00263, "percentile": 0.62453, "modified": "2023-05-03"}, {"cve": "CVE-2022-0100", "epss": 0.00304, "percentile": 0.65249, "modified": "2023-05-03"}, {"cve": "CVE-2022-0101", "epss": 0.00304, "percentile": 0.65249, "modified": "2023-05-03"}, {"cve": "CVE-2022-0102", "epss": 0.00263, "percentile": 0.62453, "modified": "2023-05-03"}, {"cve": "CVE-2022-0103", "epss": 0.00263, "percentile": 0.62453, "modified": "2023-05-03"}, {"cve": "CVE-2022-0104", "epss": 0.00249, "percentile": 0.6127, "modified": "2023-05-03"}, {"cve": "CVE-2022-0105", "epss": 0.00247, "percentile": 0.61107, "modified": "2023-05-03"}, {"cve": "CVE-2022-0106", "epss": 0.00247, "percentile": 0.61107, "modified": "2023-05-03"}, {"cve": "CVE-2022-0107", "epss": 0.00117, "percentile": 0.44282, "modified": "2023-05-03"}, {"cve": "CVE-2022-0108", "epss": 0.01044, "percentile": 0.81785, "modified": "2023-05-03"}, {"cve": "CVE-2022-0109", "epss": 0.0047, "percentile": 0.71932, "modified": "2023-05-03"}, {"cve": "CVE-2022-0110", "epss": 0.00259, "percentile": 0.62148, "modified": "2023-05-03"}, {"cve": "CVE-2022-0111", "epss": 0.00319, "percentile": 0.66061, "modified": "2023-05-03"}, {"cve": "CVE-2022-0112", "epss": 0.00229, "percentile": 0.59599, "modified": "2023-05-03"}, {"cve": "CVE-2022-0113", "epss": 0.00529, "percentile": 0.7361, "modified": "2023-05-03"}, {"cve": "CVE-2022-0114", "epss": 0.0028, "percentile": 0.63698, "modified": "2023-05-03"}, {"cve": "CVE-2022-0115", "epss": 0.00247, "percentile": 0.61107, "modified": "2023-05-03"}, {"cve": "CVE-2022-0116", "epss": 0.00275, "percentile": 0.63306, "modified": "2023-05-03"}, {"cve": "CVE-2022-0117", "epss": 0.00533, "percentile": 0.73711, "modified": "2023-05-03"}, {"cve": "CVE-2022-0118", "epss": 0.00212, "percentile": 0.57672, "modified": "2023-05-03"}, {"cve": "CVE-2022-0120", "epss": 0.00444, "percentile": 0.7113, "modified": "2023-05-03"}, {"cve": "CVE-2022-0289", "epss": 0.00484, "percentile": 0.72416, "modified": "2023-05-03"}, {"cve": "CVE-2022-0290", "epss": 0.00486, "percentile": 0.72461, "modified": "2023-05-03"}, {"cve": "CVE-2022-0291", "epss": 0.00115, "percentile": 0.43828, "modified": "2023-05-03"}, {"cve": "CVE-2022-0292", "epss": 0.00111, "percentile": 0.42901, "modified": "2023-05-03"}, {"cve": "CVE-2022-0293", "epss": 0.00145, "percentile": 0.49099, "modified": "2023-05-03"}, {"cve": "CVE-2022-0294", "epss": 0.00115, "percentile": 0.43828, "modified": "2023-05-03"}, {"cve": "CVE-2022-0295", "epss": 0.00133, "percentile": 0.46907, "modified": "2023-05-03"}, {"cve": "CVE-2022-0296", "epss": 0.00133, "percentile": 0.46907, "modified": "2023-05-03"}, {"cve": "CVE-2022-0297", "epss": 0.00133, "percentile": 0.46907, "modified": "2023-05-03"}, {"cve": "CVE-2022-0298", "epss": 0.00133, "percentile": 0.46907, "modified": "2023-05-03"}, {"cve": "CVE-2022-0300", "epss": 0.00133, "percentile": 0.46907, "modified": "2023-05-03"}, {"cve": "CVE-2022-0301", "epss": 0.00052, "percentile": 0.18186, "modified": "2023-05-03"}, {"cve": "CVE-2022-0302", "epss": 0.00112, "percentile": 0.43208, "modified": "2023-05-03"}, {"cve": "CVE-2022-0304", "epss": 0.00133, "percentile": 0.46907, "modified": "2023-05-03"}, {"cve": "CVE-2022-0305", "epss": 0.00092, "percentile": 0.3798, "modified": "2023-05-03"}, {"cve": "CVE-2022-0306", "epss": 0.00255, "percentile": 0.61924, "modified": "2023-05-03"}, {"cve": "CVE-2022-0307", "epss": 0.00133, "percentile": 0.46907, "modified": "2023-05-03"}, {"cve": "CVE-2022-0308", "epss": 0.00133, "percentile": 0.46907, "modified": "2023-05-03"}, {"cve": "CVE-2022-0309", "epss": 0.00092, "percentile": 0.3798, "modified": "2023-05-03"}, {"cve": "CVE-2022-0310", "epss": 0.00111, "percentile": 0.42914, "modified": "2023-05-03"}, {"cve": "CVE-2022-0311", "epss": 0.00111, "percentile": 0.42914, "modified": "2023-05-03"}], "vulnersScore": 8.2}, "_state": {"dependencies": 1694797936, "score": 1694798354, "epss": 0}, "_internal": {"score_hash": "129776d49c8b245462697ba7ea3c8f76"}, "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "arch": "all", "packageFilename": "UNKNOWN", "packageVersion": "97.0.4692.99", "operator": "lt", "packageName": "www-client/google-chrome"}, {"OS": "Gentoo", "OSVersion": "any", "arch": "all", "packageFilename": "UNKNOWN", "packageVersion": "97.0.4692.99", "operator": "lt", "packageName": "www-client/chromium"}]}

{"fedora": [{"lastseen": "2023-05-27T14:49:26", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-09-13T13:09:01", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: chromium-93.0.4577.63-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30580", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30583", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30586", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30589", "CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597", "CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30600", "CVE-2021-30601", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604", "CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624"], "modified": "2021-09-13T13:09:01", "id": "FEDORA:B923630946D6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QW4R2K5HVJ4R6XDZYOJCCFPIN2XHNS3L/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:49:26", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-09-13T03:49:46", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: chromium-93.0.4577.63-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30580", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30583", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30586", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30589", "CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597", "CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30600", "CVE-2021-30601", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604", "CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624"], "modified": "2021-09-13T03:49:46", "id": "FEDORA:54EF9304CB93", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5LVY4WIWTVVYKQMROJJS365TZBKEARCF/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:49:27", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-09-24T20:47:44", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: chromium-93.0.4577.63-1.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30580", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30583", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30586", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30589", "CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597", "CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30600", "CVE-2021-30601", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604", "CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624"], "modified": "2021-09-24T20:47:44", "id": "FEDORA:6E174304C6DC", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-19T15:36:04", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-10-09T00:27:38", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: chromium-94.0.4606.61-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30542", "CVE-2021-30543", "CVE-2021-30558", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973"], "modified": "2021-10-09T00:27:38", "id": "FEDORA:E043930AE6E8", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-19T15:36:06", "description": "Qt5 - QtWebEngine components. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-01-30T01:44:13", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: qt5-qtwebengine-5.15.8-2.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30613", "CVE-2021-30616", "CVE-2021-30618", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30630", "CVE-2021-30633", "CVE-2021-3517", "CVE-2021-3541", "CVE-2021-37962", "CVE-2021-37968", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37980", "CVE-2021-37984", "CVE-2021-37989", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37996", "CVE-2021-38001", "CVE-2021-38003", "CVE-2021-38005", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38012", "CVE-2021-38015", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38022", "CVE-2021-4057", "CVE-2021-4058", "CVE-2021-4059", "CVE-2021-4062", "CVE-2021-4078", "CVE-2021-4079", "CVE-2021-4098", "CVE-2021-4099", "CVE-2021-4101", "CVE-2021-4102"], "modified": "2022-01-30T01:44:13", "id": "FEDORA:210C430584A5", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2MLX3OHXV7SCLP5MK4AA5TVXPPNSWDUP/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-19T15:36:04", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-10-03T01:10:21", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: chromium-94.0.4606.61-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30542", "CVE-2021-30543", "CVE-2021-30558", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973"], "modified": "2021-10-03T01:10:21", "id": "FEDORA:4CD8430AA7AD", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WKQDE3PWDKASAPSUJYMOQGL73L3YQRFS/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-19T15:36:04", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-10-29T23:16:24", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: chromium-94.0.4606.61-1.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30542", "CVE-2021-30543", "CVE-2021-30558", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973"], "modified": "2021-10-29T23:16:24", "id": "FEDORA:5C0DB31397D8", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-19T15:36:06", "description": "Qt5 - QtWebEngine components. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-02-04T01:23:18", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: qt5-qtwebengine-5.15.8-2.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30530", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30541", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30551", "CVE-2021-30553", "CVE-2021-30554", "CVE-2021-30556", "CVE-2021-30559", "CVE-2021-30560", "CVE-2021-30563", "CVE-2021-30566", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30573", "CVE-2021-30585", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604", "CVE-2021-30613", "CVE-2021-30616", "CVE-2021-30618", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30633", "CVE-2021-3517", "CVE-2021-3541", "CVE-2021-37962", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37980", "CVE-2021-37984", "CVE-2021-37987", "CVE-2021-37989", "CVE-2021-37993", "CVE-2021-37996", "CVE-2021-38001", "CVE-2021-38003", "CVE-2021-38005", "CVE-2021-38007", "CVE-2021-38009", "CVE-2021-38012", "CVE-2021-38015", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38021", "CVE-2021-38022", "CVE-2021-4057", "CVE-2021-4058", "CVE-2021-4059", "CVE-2021-4062", "CVE-2021-4079", "CVE-2021-4098", "CVE-2021-4099", "CVE-2021-4101", "CVE-2021-4102"], "modified": "2022-02-04T01:23:18", "id": "FEDORA:75CA430AA7A6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TAQAOVT4SUACCJLZJ5TNNXKVBC2JWMPG/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-19T15:36:04", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-04T01:24:01", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: chromium-94.0.4606.81-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37980"], "modified": "2021-11-04T01:24:01", "id": "FEDORA:1E8AD3056996", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RNARCF5HEZK7GJXZRN5TQ45AQDCRM2WO/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:36:18", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-01-29T06:39:34", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: chromium-96.0.4664.110-3.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37997", "CVE-2021-37998", "CVE-2021-37999", "CVE-2021-38000", "CVE-2021-38001", "CVE-2021-38002", "CVE-2021-38003", "CVE-2021-38004", "CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022", "CVE-2021-4052", "CVE-2021-4053", "CVE-2021-4054", "CVE-2021-4055", "CVE-2021-4056", "CVE-2021-4057", "CVE-2021-4058", "CVE-2021-4059", "CVE-2021-4061", "CVE-2021-4062", "CVE-2021-4063", "CVE-2021-4064", "CVE-2021-4065", "CVE-2021-4066", "CVE-2021-4067", "CVE-2021-4068", "CVE-2021-4078", "CVE-2021-4079", "CVE-2021-4098", "CVE-2021-4099", "CVE-2021-4100", "CVE-2021-4101", "CVE-2021-4102"], "modified": "2022-01-29T06:39:34", "id": "FEDORA:12FCA30F5428", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6DYRBUWTP7BHWIWYZCVTN437SG6GUZDC/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:36:18", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-01-07T01:12:20", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: chromium-96.0.4664.110-3.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37997", "CVE-2021-37998", "CVE-2021-37999", "CVE-2021-38000", "CVE-2021-38001", "CVE-2021-38002", "CVE-2021-38003", "CVE-2021-38004", "CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022", "CVE-2021-4052", "CVE-2021-4053", "CVE-2021-4054", "CVE-2021-4055", "CVE-2021-4056", "CVE-2021-4057", "CVE-2021-4058", "CVE-2021-4059", "CVE-2021-4061", "CVE-2021-4062", "CVE-2021-4063", "CVE-2021-4064", "CVE-2021-4065", "CVE-2021-4066", "CVE-2021-4067", "CVE-2021-4068", "CVE-2021-4078", "CVE-2021-4079", "CVE-2021-4098", "CVE-2021-4099", "CVE-2021-4100", "CVE-2021-4101", "CVE-2021-4102"], "modified": "2022-01-07T01:12:20", "id": "FEDORA:D72E230C6791", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-19T15:36:04", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-10-29T23:26:34", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: chromium-94.0.4606.81-1.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37980"], "modified": "2021-10-29T23:26:34", "id": "FEDORA:BC8983072E0A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FRFXUDH46PFVE75VQVWY6PYY5DK3S2XT/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-19T15:36:04", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-10-15T19:23:21", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: chromium-94.0.4606.81-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37980"], "modified": "2021-10-15T19:23:21", "id": "FEDORA:BE52E30CCCAA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/D63JZ3ROXCUHP4CFWDHCPZNTGET7T34R/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-15T17:09:19", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-03-14T22:27:09", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: chromium-99.0.4844.51-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22570", "CVE-2022-0096", "CVE-2022-0097", "CVE-2022-0098", "CVE-2022-0099", "CVE-2022-0100", "CVE-2022-0101", "CVE-2022-0102", "CVE-2022-0103", "CVE-2022-0104", "CVE-2022-0105", "CVE-2022-0106", "CVE-2022-0107", "CVE-2022-0108", "CVE-2022-0109", "CVE-2022-0110", "CVE-2022-0111", "CVE-2022-0112", "CVE-2022-0113", "CVE-2022-0114", "CVE-2022-0115", "CVE-2022-0116", "CVE-2022-0117", "CVE-2022-0118", "CVE-2022-0120", "CVE-2022-0789", "CVE-2022-0790", "CVE-2022-0791", "CVE-2022-0792", "CVE-2022-0793", "CVE-2022-0794", "CVE-2022-0795", "CVE-2022-0796", "CVE-2022-0797", "CVE-2022-0798", "CVE-2022-0799", "CVE-2022-0800", "CVE-2022-0801", "CVE-2022-0802", "CVE-2022-0803", "CVE-2022-0804", "CVE-2022-0805", "CVE-2022-0806", "CVE-2022-0807", "CVE-2022-0808", "CVE-2022-0809"], "modified": "2022-03-14T22:27:09", "id": "FEDORA:BD29330987FD", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-15T17:09:20", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-03-26T15:43:20", "type": "fedora", "title": "[SECURITY] Fedora 36 Update: chromium-99.0.4844.51-1.fc36", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22570", "CVE-2022-0096", "CVE-2022-0097", "CVE-2022-0098", "CVE-2022-0099", "CVE-2022-0100", "CVE-2022-0101", "CVE-2022-0102", "CVE-2022-0103", "CVE-2022-0104", "CVE-2022-0105", "CVE-2022-0106", "CVE-2022-0107", "CVE-2022-0108", "CVE-2022-0109", "CVE-2022-0110", "CVE-2022-0111", "CVE-2022-0112", "CVE-2022-0113", "CVE-2022-0114", "CVE-2022-0115", "CVE-2022-0116", "CVE-2022-0117", "CVE-2022-0118", "CVE-2022-0120", "CVE-2022-0789", "CVE-2022-0790", "CVE-2022-0791", "CVE-2022-0792", "CVE-2022-0793", "CVE-2022-0794", "CVE-2022-0795", "CVE-2022-0796", "CVE-2022-0797", "CVE-2022-0798", "CVE-2022-0799", "CVE-2022-0800", "CVE-2022-0801", "CVE-2022-0802", "CVE-2022-0803", "CVE-2022-0804", "CVE-2022-0805", "CVE-2022-0806", "CVE-2022-0807", "CVE-2022-0808", "CVE-2022-0809"], "modified": "2022-03-26T15:43:20", "id": "FEDORA:9952031143B1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-15T17:09:19", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-03-11T14:48:13", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: chromium-99.0.4844.51-1.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22570", "CVE-2022-0096", "CVE-2022-0097", "CVE-2022-0098", "CVE-2022-0099", "CVE-2022-0100", "CVE-2022-0101", "CVE-2022-0102", "CVE-2022-0103", "CVE-2022-0104", "CVE-2022-0105", "CVE-2022-0106", "CVE-2022-0107", "CVE-2022-0108", "CVE-2022-0109", "CVE-2022-0110", "CVE-2022-0111", "CVE-2022-0112", "CVE-2022-0113", "CVE-2022-0114", "CVE-2022-0115", "CVE-2022-0116", "CVE-2022-0117", "CVE-2022-0118", "CVE-2022-0120", "CVE-2022-0789", "CVE-2022-0790", "CVE-2022-0791", "CVE-2022-0792", "CVE-2022-0793", "CVE-2022-0794", "CVE-2022-0795", "CVE-2022-0796", "CVE-2022-0797", "CVE-2022-0798", "CVE-2022-0799", "CVE-2022-0800", "CVE-2022-0801", "CVE-2022-0802", "CVE-2022-0803", "CVE-2022-0804", "CVE-2022-0805", "CVE-2022-0806", "CVE-2022-0807", "CVE-2022-0808", "CVE-2022-0809"], "modified": "2022-03-11T14:48:13", "id": "FEDORA:7AA7C307F074", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-07-04T14:33:42", "description": "The remote host is affected by the vulnerability described in GLSA-202201-02 (Chromium, Google Chrome: Multiple vulnerabilities)\n\n - Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page. (CVE-2021-30565)\n\n - Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML page.\n (CVE-2021-30566)\n\n - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture. (CVE-2021-30567)\n\n - Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30568)\n\n - Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30569)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-30571)\n\n - Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30572)\n\n - Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30573)\n\n - Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30574)\n\n - Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30575)\n\n - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30576, CVE-2021-30581)\n\n - Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file. (CVE-2021-30577)\n\n - Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (CVE-2021-30578)\n\n - Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30579)\n\n - Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious application to obtain potentially sensitive information via a crafted HTML page. (CVE-2021-30580)\n\n - Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-30582)\n\n - Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-30583)\n\n - Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-30584)\n\n - Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30585)\n\n - Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30586)\n\n - Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-30587)\n\n - Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30588)\n\n - Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link. (CVE-2021-30589)\n\n - Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30590)\n\n - Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30591)\n\n - Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page. (CVE-2021-30592)\n\n - Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.\n (CVE-2021-30593)\n\n - Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. (CVE-2021-30594)\n\n - Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-30596)\n\n - Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. (CVE-2021-30597)\n\n - Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (CVE-2021-30598, CVE-2021-30599)\n\n - Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30600)\n\n - Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30601)\n\n - Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30602)\n\n - Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30603)\n\n - Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30604)\n\n - Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\n - Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611)\n\n - Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612)\n\n - Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613)\n\n - Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614)\n\n - Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615)\n\n - Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616)\n\n - Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617)\n\n - Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618)\n\n - Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619)\n\n - Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620)\n\n - Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621)\n\n - Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622)\n\n - Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623)\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\n - Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30625)\n\n - Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30626)\n\n - Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30627)\n\n - Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (CVE-2021-30628)\n\n - Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30629)\n\n - Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (CVE-2021-30630)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2021-30631, CVE-2021-37960)\n\n - Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30632)\n\n - Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-30633)\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\n - Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37961)\n\n - Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37962)\n\n - Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. (CVE-2021-37963)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-37965, CVE-2021-37968)\n\n - Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37966)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (CVE-2021-37967)\n\n - Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37970)\n\n - Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37971)\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37974)\n\n - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37975)\n\n - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976)\n\n - Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37977)\n\n - Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37978)\n\n - heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37979)\n\n - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37981)\n\n - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982)\n\n - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983)\n\n - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984)\n\n - Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37985)\n\n - Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37986)\n\n - Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37987)\n\n - Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37988)\n\n - Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page. (CVE-2021-37989)\n\n - Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app. (CVE-2021-37990)\n\n - Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37991)\n\n - Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37992)\n\n - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993)\n\n - Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-37994)\n\n - Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-37995)\n\n - Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file. (CVE-2021-37996)\n\n - Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37997)\n\n - Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37998)\n\n - Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.\n (CVE-2021-37999)\n\n - Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.\n (CVE-2021-38000)\n\n - Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38001)\n\n - Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-38002)\n\n - Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38003)\n\n - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38005)\n\n - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012)\n\n - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38008)\n\n - Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38009)\n\n - Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.\n (CVE-2021-38010)\n\n - Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-38013)\n\n - Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38014)\n\n - Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (CVE-2021-38015)\n\n - Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (CVE-2021-38016)\n\n - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017)\n\n - Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-38018)\n\n - Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38019)\n\n - Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-38020)\n\n - Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38021)\n\n - Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38022)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-31T00:00:00", "type": "nessus", "title": "GLSA-202201-02 : Chromium, Google Chrome: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30580", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30583", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30586", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30589", "CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597", "CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30600", "CVE-2021-30601", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604", "CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37973", "CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996", "CVE-2021-37997", "CVE-2021-37998", "CVE-2021-37999", "CVE-2021-38000", "CVE-2021-38001", "CVE-2021-38002", "CVE-2021-38003", "CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022", "CVE-2021-4098", "CVE-2021-4099", "CVE-2021-4100", "CVE-2021-4101", "CVE-2021-4102", "CVE-2022-0096", "CVE-2022-0097", "CVE-2022-0098", "CVE-2022-0099", "CVE-2022-0100", "CVE-2022-0101", "CVE-2022-0102", "CVE-2022-0103", "CVE-2022-0104", "CVE-2022-0105", "CVE-2022-0106", "CVE-2022-0107", "CVE-2022-0108", "CVE-2022-0109", "CVE-2022-0110", "CVE-2022-0111", "CVE-2022-0112", "CVE-2022-0113", "CVE-2022-0114", "CVE-2022-0115", "CVE-2022-0116", "CVE-2022-0117", "CVE-2022-0118", "CVE-2022-0120", "CVE-2022-0289", "CVE-2022-0290", "CVE-2022-0291", "CVE-2022-0292", "CVE-2022-0293", "CVE-2022-0294", "CVE-2022-0295", "CVE-2022-0296", "CVE-2022-0297", "CVE-2022-0298", "CVE-2022-0300", "CVE-2022-0301", "CVE-2022-0302", "CVE-2022-0303", "CVE-2022-0304", "CVE-2022-0305", "CVE-2022-0306", "CVE-2022-0307", "CVE-2022-0308", "CVE-2022-0309", "CVE-2022-0310", "CVE-2022-0311"], "modified": "2022-02-03T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "p-cpe:/a:gentoo:linux:google-chrome", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202201-02.NASL", "href": "https://www.tenable.com/plugins/nessus/157241", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202201-02.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157241);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/03\");\n\n script_cve_id(\n \"CVE-2021-4098\",\n \"CVE-2021-4099\",\n \"CVE-2021-4100\",\n \"CVE-2021-4101\",\n \"CVE-2021-4102\",\n \"CVE-2021-30565\",\n \"CVE-2021-30566\",\n \"CVE-2021-30567\",\n \"CVE-2021-30568\",\n \"CVE-2021-30569\",\n \"CVE-2021-30571\",\n \"CVE-2021-30572\",\n \"CVE-2021-30573\",\n \"CVE-2021-30574\",\n \"CVE-2021-30575\",\n \"CVE-2021-30576\",\n \"CVE-2021-30577\",\n \"CVE-2021-30578\",\n \"CVE-2021-30579\",\n \"CVE-2021-30580\",\n \"CVE-2021-30581\",\n \"CVE-2021-30582\",\n \"CVE-2021-30583\",\n \"CVE-2021-30584\",\n \"CVE-2021-30585\",\n \"CVE-2021-30586\",\n \"CVE-2021-30587\",\n \"CVE-2021-30588\",\n \"CVE-2021-30589\",\n \"CVE-2021-30590\",\n \"CVE-2021-30591\",\n \"CVE-2021-30592\",\n \"CVE-2021-30593\",\n \"CVE-2021-30594\",\n \"CVE-2021-30596\",\n \"CVE-2021-30597\",\n \"CVE-2021-30598\",\n \"CVE-2021-30599\",\n \"CVE-2021-30600\",\n \"CVE-2021-30601\",\n \"CVE-2021-30602\",\n \"CVE-2021-30603\",\n \"CVE-2021-30604\",\n \"CVE-2021-30606\",\n \"CVE-2021-30607\",\n \"CVE-2021-30608\",\n \"CVE-2021-30609\",\n \"CVE-2021-30610\",\n \"CVE-2021-30611\",\n \"CVE-2021-30612\",\n \"CVE-2021-30613\",\n \"CVE-2021-30614\",\n \"CVE-2021-30615\",\n \"CVE-2021-30616\",\n \"CVE-2021-30617\",\n \"CVE-2021-30618\",\n \"CVE-2021-30619\",\n \"CVE-2021-30620\",\n \"CVE-2021-30621\",\n \"CVE-2021-30622\",\n \"CVE-2021-30623\",\n \"CVE-2021-30624\",\n \"CVE-2021-30625\",\n \"CVE-2021-30626\",\n \"CVE-2021-30627\",\n \"CVE-2021-30628\",\n \"CVE-2021-30629\",\n \"CVE-2021-30630\",\n \"CVE-2021-30631\",\n \"CVE-2021-30632\",\n \"CVE-2021-30633\",\n \"CVE-2021-37956\",\n \"CVE-2021-37957\",\n \"CVE-2021-37958\",\n \"CVE-2021-37959\",\n \"CVE-2021-37960\",\n \"CVE-2021-37961\",\n \"CVE-2021-37962\",\n \"CVE-2021-37963\",\n \"CVE-2021-37965\",\n \"CVE-2021-37966\",\n \"CVE-2021-37967\",\n \"CVE-2021-37968\",\n \"CVE-2021-37970\",\n \"CVE-2021-37971\",\n \"CVE-2021-37973\",\n \"CVE-2021-37974\",\n \"CVE-2021-37975\",\n \"CVE-2021-37976\",\n \"CVE-2021-37977\",\n \"CVE-2021-37978\",\n \"CVE-2021-37979\",\n \"CVE-2021-37981\",\n \"CVE-2021-37982\",\n \"CVE-2021-37983\",\n \"CVE-2021-37984\",\n \"CVE-2021-37985\",\n \"CVE-2021-37986\",\n \"CVE-2021-37987\",\n \"CVE-2021-37988\",\n \"CVE-2021-37989\",\n \"CVE-2021-37990\",\n \"CVE-2021-37991\",\n \"CVE-2021-37992\",\n \"CVE-2021-37993\",\n \"CVE-2021-37994\",\n \"CVE-2021-37995\",\n \"CVE-2021-37996\",\n \"CVE-2021-37997\",\n \"CVE-2021-37998\",\n \"CVE-2021-37999\",\n \"CVE-2021-38000\",\n \"CVE-2021-38001\",\n \"CVE-2021-38002\",\n \"CVE-2021-38003\",\n \"CVE-2021-38005\",\n \"CVE-2021-38006\",\n \"CVE-2021-38007\",\n \"CVE-2021-38008\",\n \"CVE-2021-38009\",\n \"CVE-2021-38010\",\n \"CVE-2021-38011\",\n \"CVE-2021-38012\",\n \"CVE-2021-38013\",\n \"CVE-2021-38014\",\n \"CVE-2021-38015\",\n \"CVE-2021-38016\",\n \"CVE-2021-38017\",\n \"CVE-2021-38018\",\n \"CVE-2021-38019\",\n \"CVE-2021-38020\",\n \"CVE-2021-38021\",\n \"CVE-2021-38022\",\n \"CVE-2022-0096\",\n \"CVE-2022-0097\",\n \"CVE-2022-0098\",\n \"CVE-2022-0099\",\n \"CVE-2022-0100\",\n \"CVE-2022-0101\",\n \"CVE-2022-0102\",\n \"CVE-2022-0103\",\n \"CVE-2022-0104\",\n \"CVE-2022-0105\",\n \"CVE-2022-0106\",\n \"CVE-2022-0107\",\n \"CVE-2022-0108\",\n \"CVE-2022-0109\",\n \"CVE-2022-0110\",\n \"CVE-2022-0111\",\n \"CVE-2022-0112\",\n \"CVE-2022-0113\",\n \"CVE-2022-0114\",\n \"CVE-2022-0115\",\n \"CVE-2022-0116\",\n \"CVE-2022-0117\",\n \"CVE-2022-0118\",\n \"CVE-2022-0120\",\n \"CVE-2022-0289\",\n \"CVE-2022-0290\",\n \"CVE-2022-0291\",\n \"CVE-2022-0292\",\n \"CVE-2022-0293\",\n \"CVE-2022-0294\",\n \"CVE-2022-0295\",\n \"CVE-2022-0296\",\n \"CVE-2022-0297\",\n \"CVE-2022-0298\",\n \"CVE-2022-0300\",\n \"CVE-2022-0301\",\n \"CVE-2022-0302\",\n \"CVE-2022-0303\",\n \"CVE-2022-0304\",\n \"CVE-2022-0305\",\n \"CVE-2022-0306\",\n \"CVE-2022-0307\",\n \"CVE-2022-0308\",\n \"CVE-2022-0309\",\n \"CVE-2022-0310\",\n \"CVE-2022-0311\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0346-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0385-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0401-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0411-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0449-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0459-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0491-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0522-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0555-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0576-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0001-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0042-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/12/29\");\n\n script_name(english:\"GLSA-202201-02 : Chromium, Google Chrome: Multiple vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202201-02 (Chromium, Google Chrome: Multiple\nvulnerabilities)\n\n - Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an\n attacker who convinced a user to install a malicious extension to perform an out of bounds memory write\n via a crafted HTML page. (CVE-2021-30565)\n\n - Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who\n had compromised the renderer process to potentially exploit stack corruption via a crafted HTML page.\n (CVE-2021-30566)\n\n - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a\n user to open DevTools to potentially exploit heap corruption via specific user gesture. (CVE-2021-30567)\n\n - Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30568)\n\n - Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30569)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker\n who convinced a user to install a malicious extension to potentially perform a sandbox escape via a\n crafted HTML page. (CVE-2021-30571)\n\n - Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30572)\n\n - Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30573)\n\n - Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30574)\n\n - Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30575)\n\n - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30576, CVE-2021-30581)\n\n - Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote\n attacker to perform local privilege escalation via a crafted file. (CVE-2021-30577)\n\n - Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform\n out of bounds memory access via a crafted HTML page. (CVE-2021-30578)\n\n - Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30579)\n\n - Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an\n attacker who convinced a user to install a malicious application to obtain potentially sensitive\n information via a crafted HTML page. (CVE-2021-30580)\n\n - Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-30582)\n\n - Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107\n allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-30583)\n\n - Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote\n attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-30584)\n\n - Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30585)\n\n - Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an\n attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via\n a crafted HTML page. (CVE-2021-30586)\n\n - Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote\n attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-30587)\n\n - Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30588)\n\n - Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a\n remote attacker to bypass navigation restrictions via a crafted click-to-call link. (CVE-2021-30589)\n\n - Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30590)\n\n - Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30591)\n\n - Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515.131 allowed an attacker who\n convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted\n HTML page. (CVE-2021-30592)\n\n - Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced\n a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.\n (CVE-2021-30593)\n\n - Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to\n potentially exploit heap corruption via physical access to the device. (CVE-2021-30594)\n\n - Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote\n attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-30596)\n\n - Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker\n to potentially exploit heap corruption via physical access to the device. (CVE-2021-30597)\n\n - Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute\n arbitrary code inside a sandbox via a crafted HTML page. (CVE-2021-30598, CVE-2021-30599)\n\n - Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30600)\n\n - Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced\n a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30601)\n\n - Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user\n to visit a malicious website to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30602)\n\n - Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30603)\n\n - Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30604)\n\n - Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\n - Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611)\n\n - Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612)\n\n - Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613)\n\n - Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614)\n\n - Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615)\n\n - Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616)\n\n - Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617)\n\n - Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618)\n\n - Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619)\n\n - Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620)\n\n - Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621)\n\n - Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622)\n\n - Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623)\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\n - Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who\n convinced the user the visit a malicious website to potentially exploit heap corruption via a crafted HTML\n page. (CVE-2021-30625)\n\n - Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30626)\n\n - Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30627)\n\n - Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to\n potentially exploit stack corruption via a crafted HTML page. (CVE-2021-30628)\n\n - Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30629)\n\n - Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who\n had compromised the renderer process to leak cross-origin data via a crafted HTML page. (CVE-2021-30630)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by\n its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2021-30631,\n CVE-2021-37960)\n\n - Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30632)\n\n - Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-30633)\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker\n who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a\n user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\n - Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37961)\n\n - Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who\n had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37962)\n\n - Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote\n attacker to bypass site isolation via a crafted HTML page. (CVE-2021-37963)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-37965, CVE-2021-37968)\n\n - Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a\n remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37966)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a\n remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML\n page. (CVE-2021-37967)\n\n - Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37970)\n\n - Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker\n to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37971)\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37974)\n\n - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37975)\n\n - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to\n obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976)\n\n - Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37977)\n\n - Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37978)\n\n - heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who\n convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted\n HTML page. (CVE-2021-37979)\n\n - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37981)\n\n - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982)\n\n - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983)\n\n - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984)\n\n - Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a\n user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37985)\n\n - Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37986)\n\n - Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37987)\n\n - Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced\n a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37988)\n\n - Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n abuse content security policy via a crafted HTML page. (CVE-2021-37989)\n\n - Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote\n attacker to leak cross-origin data via a crafted app. (CVE-2021-37990)\n\n - Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2021-37991)\n\n - Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37992)\n\n - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993)\n\n - Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote\n attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-37994)\n\n - Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote\n attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-37995)\n\n - Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a\n remote attacker to bypass navigation restrictions via a malicious file. (CVE-2021-37996)\n\n - Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a\n user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37997)\n\n - Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37998)\n\n - Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote\n attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.\n (CVE-2021-37999)\n\n - Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69\n allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.\n (CVE-2021-38000)\n\n - Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38001)\n\n - Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to\n potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-38002)\n\n - Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38003)\n\n - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38005)\n\n - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012)\n\n - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38008)\n\n - Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to\n leak cross-origin data via a crafted HTML page. (CVE-2021-38009)\n\n - Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote\n attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.\n (CVE-2021-38010)\n\n - Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed\n a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via\n a crafted HTML page. (CVE-2021-38013)\n\n - Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38014)\n\n - Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who\n convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome\n Extension. (CVE-2021-38015)\n\n - Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a\n remote attacker to bypass same origin policy via a crafted HTML page. (CVE-2021-38016)\n\n - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote\n attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017)\n\n - Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote\n attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-38018)\n\n - Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker\n to leak cross-origin data via a crafted HTML page. (CVE-2021-38019)\n\n - Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45\n allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-38020)\n\n - Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker\n to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38021)\n\n - Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38022)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202201-02\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=803167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=806223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=808715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=811348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=813035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=814221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=814617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=815673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=816984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=819054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=820689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=824274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=829190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=830642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=831624\");\n script_set_attribute(attribute:\"solution\", value:\n\"All Chromium users should upgrade to the latest version:\n\n\t\t\t# emerge --sync\n\t\t\t# emerge --ask --oneshot --verbose\n\t\t\t>=www-client/chromium-97.0.4692.99\n\t\t\nAll Google Chrome users should upgrade to the latest version:\n\n\t\t\t# emerge --sync\n\t\t\t# emerge --ask --oneshot --verbose\n\t\t\t>=www-client/google-chrome-97.0.4692.99\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38017\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : \"www-client/google-chrome\",\n 'unaffected' : make_list(\"ge 97.0.4692.99\"),\n 'vulnerable' : make_list(\"lt 97.0.4692.99\")\n },\n {\n 'name' : \"www-client/chromium\",\n 'unaffected' : make_list(\"ge 97.0.4692.99\"),\n 'vulnerable' : make_list(\"lt 97.0.4692.99\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / Google Chrome\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:13:08", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1131-1 advisory.\n\n - Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page. (CVE-2021-30565)\n\n - Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML page.\n (CVE-2021-30566)\n\n - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture. (CVE-2021-30567)\n\n - Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30568)\n\n - Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30569)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-30571)\n\n - Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30572)\n\n - Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30573)\n\n - Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30574)\n\n - Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30575)\n\n - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30576, CVE-2021-30581)\n\n - Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file. (CVE-2021-30577)\n\n - Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (CVE-2021-30578)\n\n - Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30579)\n\n - Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-30582)\n\n - Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-30584)\n\n - Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30585)\n\n - Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30588)\n\n - Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link. (CVE-2021-30589)\n\n - Heap buffer overflow in Bookmarks. (CVE-2021-30590)\n\n - Use after free in File System API. (CVE-2021-30591)\n\n - Out of bounds write in Tab Groups. (CVE-2021-30592)\n\n - Out of bounds read in Tab Strip. (CVE-2021-30593)\n\n - Use after free in Page Info UI. (CVE-2021-30594)\n\n - Incorrect security UI in Navigation. (CVE-2021-30596)\n\n - Use after free in Browser UI. (CVE-2021-30597)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-11T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1131-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30588", "CVE-2021-30589", "CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1131.NASL", "href": "https://www.tenable.com/plugins/nessus/152460", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1131-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152460);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-30565\",\n \"CVE-2021-30566\",\n \"CVE-2021-30567\",\n \"CVE-2021-30568\",\n \"CVE-2021-30569\",\n \"CVE-2021-30571\",\n \"CVE-2021-30572\",\n \"CVE-2021-30573\",\n \"CVE-2021-30574\",\n \"CVE-2021-30575\",\n \"CVE-2021-30576\",\n \"CVE-2021-30577\",\n \"CVE-2021-30578\",\n \"CVE-2021-30579\",\n \"CVE-2021-30581\",\n \"CVE-2021-30582\",\n \"CVE-2021-30584\",\n \"CVE-2021-30585\",\n \"CVE-2021-30588\",\n \"CVE-2021-30589\",\n \"CVE-2021-30590\",\n \"CVE-2021-30591\",\n \"CVE-2021-30592\",\n \"CVE-2021-30593\",\n \"CVE-2021-30594\",\n \"CVE-2021-30596\",\n \"CVE-2021-30597\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0346-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0361-S\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1131-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1131-1 advisory.\n\n - Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an\n attacker who convinced a user to install a malicious extension to perform an out of bounds memory write\n via a crafted HTML page. (CVE-2021-30565)\n\n - Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who\n had compromised the renderer process to potentially exploit stack corruption via a crafted HTML page.\n (CVE-2021-30566)\n\n - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a\n user to open DevTools to potentially exploit heap corruption via specific user gesture. (CVE-2021-30567)\n\n - Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30568)\n\n - Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30569)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker\n who convinced a user to install a malicious extension to potentially perform a sandbox escape via a\n crafted HTML page. (CVE-2021-30571)\n\n - Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30572)\n\n - Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30573)\n\n - Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30574)\n\n - Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30575)\n\n - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30576, CVE-2021-30581)\n\n - Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote\n attacker to perform local privilege escalation via a crafted file. (CVE-2021-30577)\n\n - Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform\n out of bounds memory access via a crafted HTML page. (CVE-2021-30578)\n\n - Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30579)\n\n - Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-30582)\n\n - Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote\n attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-30584)\n\n - Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30585)\n\n - Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30588)\n\n - Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a\n remote attacker to bypass navigation restrictions via a crafted click-to-call link. (CVE-2021-30589)\n\n - Heap buffer overflow in Bookmarks. (CVE-2021-30590)\n\n - Use after free in File System API. (CVE-2021-30591)\n\n - Out of bounds write in Tab Groups. (CVE-2021-30592)\n\n - Out of bounds read in Tab Strip. (CVE-2021-30593)\n\n - Use after free in Page Info UI. (CVE-2021-30594)\n\n - Incorrect security UI in Navigation. (CVE-2021-30596)\n\n - Use after free in Browser UI. (CVE-2021-30597)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189006\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QMTT3WQIVTBT7PZKT6YDJXEYNVRRJDO2/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3f84da44\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30569\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30572\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30582\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30597\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30592\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-30571\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-92.0.4515.131-lp152.2.116.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-92.0.4515.131-lp152.2.116.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:13:34", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1144-1 advisory.\n\n - Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page. (CVE-2021-30565)\n\n - Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML page.\n (CVE-2021-30566)\n\n - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture. (CVE-2021-30567)\n\n - Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30568)\n\n - Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30569)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-30571)\n\n - Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30572)\n\n - Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30573)\n\n - Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30574)\n\n - Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30575)\n\n - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30576, CVE-2021-30581)\n\n - Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file. (CVE-2021-30577)\n\n - Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (CVE-2021-30578)\n\n - Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30579)\n\n - Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-30582)\n\n - Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-30584)\n\n - Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30585)\n\n - Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30588)\n\n - Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link. (CVE-2021-30589)\n\n - Heap buffer overflow in Bookmarks. (CVE-2021-30590)\n\n - Use after free in File System API. (CVE-2021-30591)\n\n - Out of bounds write in Tab Groups. (CVE-2021-30592)\n\n - Out of bounds read in Tab Strip. (CVE-2021-30593)\n\n - Use after free in Page Info UI. (CVE-2021-30594)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. (CVE-2021-30596)\n\n - Use after free in Browser UI. (CVE-2021-30597)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-12T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1144-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30588", "CVE-2021-30589", "CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-1144.NASL", "href": "https://www.tenable.com/plugins/nessus/152515", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1144-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152515);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-30565\",\n \"CVE-2021-30566\",\n \"CVE-2021-30567\",\n \"CVE-2021-30568\",\n \"CVE-2021-30569\",\n \"CVE-2021-30571\",\n \"CVE-2021-30572\",\n \"CVE-2021-30573\",\n \"CVE-2021-30574\",\n \"CVE-2021-30575\",\n \"CVE-2021-30576\",\n \"CVE-2021-30577\",\n \"CVE-2021-30578\",\n \"CVE-2021-30579\",\n \"CVE-2021-30581\",\n \"CVE-2021-30582\",\n \"CVE-2021-30584\",\n \"CVE-2021-30585\",\n \"CVE-2021-30588\",\n \"CVE-2021-30589\",\n \"CVE-2021-30590\",\n \"CVE-2021-30591\",\n \"CVE-2021-30592\",\n \"CVE-2021-30593\",\n \"CVE-2021-30594\",\n \"CVE-2021-30596\",\n \"CVE-2021-30597\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0346-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0361-S\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1144-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1144-1 advisory.\n\n - Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an\n attacker who convinced a user to install a malicious extension to perform an out of bounds memory write\n via a crafted HTML page. (CVE-2021-30565)\n\n - Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who\n had compromised the renderer process to potentially exploit stack corruption via a crafted HTML page.\n (CVE-2021-30566)\n\n - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a\n user to open DevTools to potentially exploit heap corruption via specific user gesture. (CVE-2021-30567)\n\n - Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30568)\n\n - Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30569)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker\n who convinced a user to install a malicious extension to potentially perform a sandbox escape via a\n crafted HTML page. (CVE-2021-30571)\n\n - Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30572)\n\n - Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30573)\n\n - Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30574)\n\n - Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30575)\n\n - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30576, CVE-2021-30581)\n\n - Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote\n attacker to perform local privilege escalation via a crafted file. (CVE-2021-30577)\n\n - Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform\n out of bounds memory access via a crafted HTML page. (CVE-2021-30578)\n\n - Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30579)\n\n - Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-30582)\n\n - Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote\n attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-30584)\n\n - Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30585)\n\n - Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30588)\n\n - Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a\n remote attacker to bypass navigation restrictions via a crafted click-to-call link. (CVE-2021-30589)\n\n - Heap buffer overflow in Bookmarks. (CVE-2021-30590)\n\n - Use after free in File System API. (CVE-2021-30591)\n\n - Out of bounds write in Tab Groups. (CVE-2021-30592)\n\n - Out of bounds read in Tab Strip. (CVE-2021-30593)\n\n - Use after free in Page Info UI. (CVE-2021-30594)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this\n vulnerability. Please see Google Chrome Releases for more information. (CVE-2021-30596)\n\n - Use after free in Browser UI. (CVE-2021-30597)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189006\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXI3OZYD3ADIBS3KBG3HYP2WXAJHKIDA/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cbc8be44\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30569\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30572\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30582\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30597\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30592\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-30571\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-92.0.4515.131-bp153.2.19.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-92.0.4515.131-bp153.2.19.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-92.0.4515.131-bp153.2.19.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-92.0.4515.131-bp153.2.19.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:07", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1300-1 advisory.\n\n - Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\n - Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611)\n\n - Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612)\n\n - Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613)\n\n - Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614)\n\n - Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615)\n\n - Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616)\n\n - Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617)\n\n - Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618)\n\n - Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619)\n\n - Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620)\n\n - Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621)\n\n - Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622)\n\n - Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623)\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\n - Use after free in Selection API. (CVE-2021-30625)\n\n - Out of bounds memory access in ANGLE. (CVE-2021-30626)\n\n - Type Confusion in Blink layout. (CVE-2021-30627, CVE-2021-30631)\n\n - Stack buffer overflow in ANGLE. (CVE-2021-30628)\n\n - Use after free in Permissions. (CVE-2021-30629)\n\n - Inappropriate implementation in Blink . (CVE-2021-30630)\n\n - Out of bounds write in V8. (CVE-2021-30632)\n\n - Use after free in Indexed DB API. (CVE-2021-30633)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-22T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1300-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633"], "modified": "2022-01-18T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-1300.NASL", "href": "https://www.tenable.com/plugins/nessus/153533", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1300-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153533);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/18\");\n\n script_cve_id(\n \"CVE-2021-30606\",\n \"CVE-2021-30607\",\n \"CVE-2021-30608\",\n \"CVE-2021-30609\",\n \"CVE-2021-30610\",\n \"CVE-2021-30611\",\n \"CVE-2021-30612\",\n \"CVE-2021-30613\",\n \"CVE-2021-30614\",\n \"CVE-2021-30615\",\n \"CVE-2021-30616\",\n \"CVE-2021-30617\",\n \"CVE-2021-30618\",\n \"CVE-2021-30619\",\n \"CVE-2021-30620\",\n \"CVE-2021-30621\",\n \"CVE-2021-30622\",\n \"CVE-2021-30623\",\n \"CVE-2021-30624\",\n \"CVE-2021-30625\",\n \"CVE-2021-30626\",\n \"CVE-2021-30627\",\n \"CVE-2021-30628\",\n \"CVE-2021-30629\",\n \"CVE-2021-30630\",\n \"CVE-2021-30631\",\n \"CVE-2021-30632\",\n \"CVE-2021-30633\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0401-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0411-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1300-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1300-1 advisory.\n\n - Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\n - Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611)\n\n - Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612)\n\n - Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613)\n\n - Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614)\n\n - Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615)\n\n - Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616)\n\n - Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617)\n\n - Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618)\n\n - Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619)\n\n - Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620)\n\n - Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621)\n\n - Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622)\n\n - Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623)\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\n - Use after free in Selection API. (CVE-2021-30625)\n\n - Out of bounds memory access in ANGLE. (CVE-2021-30626)\n\n - Type Confusion in Blink layout. (CVE-2021-30627, CVE-2021-30631)\n\n - Stack buffer overflow in ANGLE. (CVE-2021-30628)\n\n - Use after free in Permissions. (CVE-2021-30629)\n\n - Inappropriate implementation in Blink . (CVE-2021-30630)\n\n - Out of bounds write in V8. (CVE-2021-30632)\n\n - Use after free in Indexed DB API. (CVE-2021-30633)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190476\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AFYTQFVWKBYVVXUN3DISYCDXS27AWFTC/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a5c6950d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30618\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30633\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30633\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-93.0.4577.82-bp153.2.28.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-93.0.4577.82-bp153.2.28.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-93.0.4577.82-bp153.2.28.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-93.0.4577.82-bp153.2.28.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:09", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1310-1 advisory.\n\n - Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\n - Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611)\n\n - Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612)\n\n - Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613)\n\n - Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614)\n\n - Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615)\n\n - Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616)\n\n - Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617)\n\n - Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618)\n\n - Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619)\n\n - Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620)\n\n - Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621)\n\n - Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622)\n\n - Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623)\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-26T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : opera (openSUSE-SU-2021:1310-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624"], "modified": "2021-10-07T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1310.NASL", "href": "https://www.tenable.com/plugins/nessus/153669", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1310-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153669);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/07\");\n\n script_cve_id(\n \"CVE-2021-30606\",\n \"CVE-2021-30607\",\n \"CVE-2021-30608\",\n \"CVE-2021-30609\",\n \"CVE-2021-30610\",\n \"CVE-2021-30611\",\n \"CVE-2021-30612\",\n \"CVE-2021-30613\",\n \"CVE-2021-30614\",\n \"CVE-2021-30615\",\n \"CVE-2021-30616\",\n \"CVE-2021-30617\",\n \"CVE-2021-30618\",\n \"CVE-2021-30619\",\n \"CVE-2021-30620\",\n \"CVE-2021-30621\",\n \"CVE-2021-30622\",\n \"CVE-2021-30623\",\n \"CVE-2021-30624\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0401-S\");\n\n script_name(english:\"openSUSE 15 Security Update : opera (openSUSE-SU-2021:1310-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1310-1 advisory.\n\n - Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\n - Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611)\n\n - Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612)\n\n - Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613)\n\n - Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614)\n\n - Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615)\n\n - Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616)\n\n - Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617)\n\n - Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618)\n\n - Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619)\n\n - Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620)\n\n - Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621)\n\n - Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622)\n\n - Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623)\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZDRKVDFEPABXRR653626WGJRZWK5HZ7Y/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0265fbbf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30618\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30624\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30624\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'opera-79.0.4143.22-lp152.2.64.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'opera');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:12:14", "description": "Chrome Releases reports :\n\nThis release contains 35 security fixes, including :\n\n- ][1210985] High CVE-2021-30565: Out of bounds write in Tab Groups.\nReported by David Erceg on 2021-05-19\n\n- [1202661] High CVE-2021-30566: Stack buffer overflow in Printing.\nReported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-04-26\n\n- [1211326] High CVE-2021-30567: Use after free in DevTools. Reported by DDV_UA on 2021-05-20\n\n- [1219886] High CVE-2021-30568: Heap buffer overflow in WebGL.\nReported by Yangkang (@dnpushme) of 360 ATA on 2021-06-15\n\n- [1218707] High CVE-2021-30569: Use after free in sqlite. Reported by Chris Salls (@salls) of Makai Security on 2021-06-11\n\n- [1101897] High CVE-2021-30571: Insufficient policy enforcement in DevTools. Reported by David Erceg on 2020-07-03\n\n- [1214234] High CVE-2021-30572: Use after free in Autofill. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-05-28\n\n- [1216822] High CVE-2021-30573: Use after free in GPU. Reported by Security For Everyone Team - https://securityforeveryone.com on 2021-06-06\n\n- [1227315] High CVE-2021-30574: Use after free in protocol handling.\nReported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-08\n\n- [1213313] Medium CVE-2021-30575: Out of bounds read in Autofill.\nReported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-05-26\n\n- [1194896] Medium CVE-2021-30576: Use after free in DevTools.\nReported by David Erceg on 2021-04-01\n\n- [1204811] Medium CVE-2021-30577: Insufficient policy enforcement in Installer. Reported by Jan van der Put (REQON B.V) on 2021-05-01\n\n- [1201074] Medium CVE-2021-30578: Uninitialized Use in Media.\nReported by Chaoyuan Peng on 2021-04-21\n\n- [1207277] Medium CVE-2021-30579: Use after free in UI framework.\nReported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-05-10\n\n- [1189092] Medium CVE-2021-30580: Insufficient policy enforcement in Android intents. Reported by @retsew0x01 on 2021-03-17\n\n- [1194431] Medium CVE-2021-30581: Use after free in DevTools.\nReported by David Erceg on 2021-03-31\n\n- [1205981] Medium CVE-2021-30582: Inappropriate implementation in Animation. Reported by George Liu on 2021-05-05\n\n- [1179290] Medium CVE-2021-30583: Insufficient policy enforcement in image handling on Windows. Reported by Muneaki Nishimura (nishimunea) on 2021-02-17\n\n- [1213350] Medium CVE-2021-30584: Incorrect security UI in Downloads.\nReported by @retsew0x01 on 2021-05-26\n\n- [1023503] Medium CVE-2021-30585: Use after free in sensor handling.\nReported by niarci on 2019-11-11\n\n- [1201032] Medium CVE-2021-30586: Use after free in dialog box handling on Windows. Reported by kkomdal with kkwon and neodal on 2021-04-21\n\n- [1204347] Medium CVE-2021-30587: Inappropriate implementation in Compositing on Windows. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-04-30\n\n- [1195650] Low CVE-2021-30588: Type Confusion in V8. Reported by Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-04\n\n- [1180510] Low CVE-2021-30589: Insufficient validation of untrusted input in Sharing. Reported by Kirtikumar Anandrao Ramchandani (@Kirtikumar_A_R) and Patrick Walker (@homesen) on 2021-02-20", "cvss3": {}, "published": "2021-07-22T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (76487640-ea29-11eb-a686-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30580", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30583", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30586", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30589"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_76487640EA2911EBA6863065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/151972", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151972);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-30565\",\n \"CVE-2021-30566\",\n \"CVE-2021-30567\",\n \"CVE-2021-30568\",\n \"CVE-2021-30569\",\n \"CVE-2021-30571\",\n \"CVE-2021-30572\",\n \"CVE-2021-30573\",\n \"CVE-2021-30574\",\n \"CVE-2021-30575\",\n \"CVE-2021-30576\",\n \"CVE-2021-30577\",\n \"CVE-2021-30578\",\n \"CVE-2021-30579\",\n \"CVE-2021-30580\",\n \"CVE-2021-30581\",\n \"CVE-2021-30582\",\n \"CVE-2021-30583\",\n \"CVE-2021-30584\",\n \"CVE-2021-30585\",\n \"CVE-2021-30586\",\n \"CVE-2021-30587\",\n \"CVE-2021-30588\",\n \"CVE-2021-30589\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0346-S\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (76487640-ea29-11eb-a686-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Chrome Releases reports :\n\nThis release contains 35 security fixes, including :\n\n- ][1210985] High CVE-2021-30565: Out of bounds write in Tab Groups.\nReported by David Erceg on 2021-05-19\n\n- [1202661] High CVE-2021-30566: Stack buffer overflow in Printing.\nReported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-04-26\n\n- [1211326] High CVE-2021-30567: Use after free in DevTools. Reported\nby DDV_UA on 2021-05-20\n\n- [1219886] High CVE-2021-30568: Heap buffer overflow in WebGL.\nReported by Yangkang (@dnpushme) of 360 ATA on 2021-06-15\n\n- [1218707] High CVE-2021-30569: Use after free in sqlite. Reported by\nChris Salls (@salls) of Makai Security on 2021-06-11\n\n- [1101897] High CVE-2021-30571: Insufficient policy enforcement in\nDevTools. Reported by David Erceg on 2020-07-03\n\n- [1214234] High CVE-2021-30572: Use after free in Autofill. Reported\nby Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin\nGroup on 2021-05-28\n\n- [1216822] High CVE-2021-30573: Use after free in GPU. Reported by\nSecurity For Everyone Team - https://securityforeveryone.com on\n2021-06-06\n\n- [1227315] High CVE-2021-30574: Use after free in protocol handling.\nReported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-08\n\n- [1213313] Medium CVE-2021-30575: Out of bounds read in Autofill.\nReported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-05-26\n\n- [1194896] Medium CVE-2021-30576: Use after free in DevTools.\nReported by David Erceg on 2021-04-01\n\n- [1204811] Medium CVE-2021-30577: Insufficient policy enforcement in\nInstaller. Reported by Jan van der Put (REQON B.V) on 2021-05-01\n\n- [1201074] Medium CVE-2021-30578: Uninitialized Use in Media.\nReported by Chaoyuan Peng on 2021-04-21\n\n- [1207277] Medium CVE-2021-30579: Use after free in UI framework.\nReported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at\nQi'anxin Group on 2021-05-10\n\n- [1189092] Medium CVE-2021-30580: Insufficient policy enforcement in\nAndroid intents. Reported by @retsew0x01 on 2021-03-17\n\n- [1194431] Medium CVE-2021-30581: Use after free in DevTools.\nReported by David Erceg on 2021-03-31\n\n- [1205981] Medium CVE-2021-30582: Inappropriate implementation in\nAnimation. Reported by George Liu on 2021-05-05\n\n- [1179290] Medium CVE-2021-30583: Insufficient policy enforcement in\nimage handling on Windows. Reported by Muneaki Nishimura (nishimunea)\non 2021-02-17\n\n- [1213350] Medium CVE-2021-30584: Incorrect security UI in Downloads.\nReported by @retsew0x01 on 2021-05-26\n\n- [1023503] Medium CVE-2021-30585: Use after free in sensor handling.\nReported by niarci on 2019-11-11\n\n- [1201032] Medium CVE-2021-30586: Use after free in dialog box\nhandling on Windows. Reported by kkomdal with kkwon and neodal on\n2021-04-21\n\n- [1204347] Medium CVE-2021-30587: Inappropriate implementation in\nCompositing on Windows. Reported by Abdulrahman Alqabandi, Microsoft\nBrowser Vulnerability Research on 2021-04-30\n\n- [1195650] Low CVE-2021-30588: Type Confusion in V8. Reported by Jose\nMartinez (tr0y4) from VerSprite Inc. on 2021-04-04\n\n- [1180510] Low CVE-2021-30589: Insufficient validation of untrusted\ninput in Sharing. Reported by Kirtikumar Anandrao Ramchandani\n(@Kirtikumar_A_R) and Patrick Walker (@homesen) on 2021-02-20\");\n # https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b961beb2\");\n # https://vuxml.freebsd.org/freebsd/76487640-ea29-11eb-a686-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?072c2990\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30588\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-30571\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<92.0.4515.107\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:56:56", "description": "The version of Google Chrome installed on the remote Windows host is prior to 92.0.4515.107. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_07_stable-channel-update-for-desktop_20 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-20T00:00:00", "type": "nessus", "title": "Google Chrome < 92.0.4515.107 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30580", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30583", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30586", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30589"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_92_0_4515_107.NASL", "href": "https://www.tenable.com/plugins/nessus/151831", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151831);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-30565\",\n \"CVE-2021-30566\",\n \"CVE-2021-30567\",\n \"CVE-2021-30568\",\n \"CVE-2021-30569\",\n \"CVE-2021-30571\",\n \"CVE-2021-30572\",\n \"CVE-2021-30573\",\n \"CVE-2021-30574\",\n \"CVE-2021-30575\",\n \"CVE-2021-30576\",\n \"CVE-2021-30577\",\n \"CVE-2021-30578\",\n \"CVE-2021-30579\",\n \"CVE-2021-30580\",\n \"CVE-2021-30581\",\n \"CVE-2021-30582\",\n \"CVE-2021-30583\",\n \"CVE-2021-30584\",\n \"CVE-2021-30585\",\n \"CVE-2021-30586\",\n \"CVE-2021-30587\",\n \"CVE-2021-30588\",\n \"CVE-2021-30589\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0346-S\");\n\n script_name(english:\"Google Chrome < 92.0.4515.107 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 92.0.4515.107. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_07_stable-channel-update-for-desktop_20 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b961beb2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1210985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1202661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1211326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1219886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1218707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1101897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1214234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1216822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1227315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1213313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1194896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1204811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1201074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1207277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1189092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1194431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1205981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1179290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1213350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1023503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1201032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1204347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1180510\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 92.0.4515.107 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30588\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-30571\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'92.0.4515.107', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:30", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1303-1 advisory.\n\n - Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\n - Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611)\n\n - Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612)\n\n - Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613)\n\n - Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614)\n\n - Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615)\n\n - Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616)\n\n - Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617)\n\n - Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618)\n\n - Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619)\n\n - Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620)\n\n - Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621)\n\n - Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622)\n\n - Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623)\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\n - Use after free in Selection API. (CVE-2021-30625)\n\n - Out of bounds memory access in ANGLE. (CVE-2021-30626)\n\n - Type Confusion in Blink layout. (CVE-2021-30627, CVE-2021-30631)\n\n - Stack buffer overflow in ANGLE. (CVE-2021-30628)\n\n - Use after free in Permissions. (CVE-2021-30629)\n\n - Inappropriate implementation in Blink . (CVE-2021-30630)\n\n - Out of bounds write in V8. (CVE-2021-30632)\n\n - Use after free in Indexed DB API. (CVE-2021-30633)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-23T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1303-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633"], "modified": "2022-01-18T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1303.NASL", "href": "https://www.tenable.com/plugins/nessus/153578", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1303-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153578);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/18\");\n\n script_cve_id(\n \"CVE-2021-30606\",\n \"CVE-2021-30607\",\n \"CVE-2021-30608\",\n \"CVE-2021-30609\",\n \"CVE-2021-30610\",\n \"CVE-2021-30611\",\n \"CVE-2021-30612\",\n \"CVE-2021-30613\",\n \"CVE-2021-30614\",\n \"CVE-2021-30615\",\n \"CVE-2021-30616\",\n \"CVE-2021-30617\",\n \"CVE-2021-30618\",\n \"CVE-2021-30619\",\n \"CVE-2021-30620\",\n \"CVE-2021-30621\",\n \"CVE-2021-30622\",\n \"CVE-2021-30623\",\n \"CVE-2021-30624\",\n \"CVE-2021-30625\",\n \"CVE-2021-30626\",\n \"CVE-2021-30627\",\n \"CVE-2021-30628\",\n \"CVE-2021-30629\",\n \"CVE-2021-30630\",\n \"CVE-2021-30631\",\n \"CVE-2021-30632\",\n \"CVE-2021-30633\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0401-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0411-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1303-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1303-1 advisory.\n\n - Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\n - Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611)\n\n - Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612)\n\n - Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613)\n\n - Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614)\n\n - Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615)\n\n - Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616)\n\n - Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617)\n\n - Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618)\n\n - Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619)\n\n - Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620)\n\n - Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621)\n\n - Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622)\n\n - Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623)\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\n - Use after free in Selection API. (CVE-2021-30625)\n\n - Out of bounds memory access in ANGLE. (CVE-2021-30626)\n\n - Type Confusion in Blink layout. (CVE-2021-30627, CVE-2021-30631)\n\n - Stack buffer overflow in ANGLE. (CVE-2021-30628)\n\n - Use after free in Permissions. (CVE-2021-30629)\n\n - Inappropriate implementation in Blink . (CVE-2021-30630)\n\n - Out of bounds write in V8. (CVE-2021-30632)\n\n - Use after free in Indexed DB API. (CVE-2021-30633)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190476\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XKFA6UOYGKCDBHHUW6MA56YT5KIDLCNF/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ce02713e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30618\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30633\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30633\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-93.0.4577.82-lp152.2.125.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-93.0.4577.82-lp152.2.125.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:57:05", "description": "The version of Google Chrome installed on the remote macOS host is prior to 92.0.4515.107. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_07_stable-channel-update-for-desktop_20 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-20T00:00:00", "type": "nessus", "title": "Google Chrome < 92.0.4515.107 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30580", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30583", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30586", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30589"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_92_0_4515_107.NASL", "href": "https://www.tenable.com/plugins/nessus/151832", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151832);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-30565\",\n \"CVE-2021-30566\",\n \"CVE-2021-30567\",\n \"CVE-2021-30568\",\n \"CVE-2021-30569\",\n \"CVE-2021-30571\",\n \"CVE-2021-30572\",\n \"CVE-2021-30573\",\n \"CVE-2021-30574\",\n \"CVE-2021-30575\",\n \"CVE-2021-30576\",\n \"CVE-2021-30577\",\n \"CVE-2021-30578\",\n \"CVE-2021-30579\",\n \"CVE-2021-30580\",\n \"CVE-2021-30581\",\n \"CVE-2021-30582\",\n \"CVE-2021-30583\",\n \"CVE-2021-30584\",\n \"CVE-2021-30585\",\n \"CVE-2021-30586\",\n \"CVE-2021-30587\",\n \"CVE-2021-30588\",\n \"CVE-2021-30589\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0346-S\");\n\n script_name(english:\"Google Chrome < 92.0.4515.107 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 92.0.4515.107. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_07_stable-channel-update-for-desktop_20 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b961beb2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1210985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1202661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1211326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1219886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1218707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1101897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1214234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1216822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1227315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1213313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1194896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1204811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1201074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1207277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1189092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1194431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1205981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1179290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1213350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1023503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1201032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1204347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1180510\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 92.0.4515.107 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30588\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-30571\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'92.0.4515.107', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:44", "description": "The version of Google Chrome installed on the remote Windows host is prior to 93.0.4577.63. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_08_stable-channel-update-for-desktop_31 advisory.\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-01T00:00:00", "type": "nessus", "title": "Google Chrome < 93.0.4577.63 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_93_0_4577_63.NASL", "href": "https://www.tenable.com/plugins/nessus/152928", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152928);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2021-30606\",\n \"CVE-2021-30607\",\n \"CVE-2021-30608\",\n \"CVE-2021-30609\",\n \"CVE-2021-30610\",\n \"CVE-2021-30611\",\n \"CVE-2021-30612\",\n \"CVE-2021-30613\",\n \"CVE-2021-30614\",\n \"CVE-2021-30615\",\n \"CVE-2021-30616\",\n \"CVE-2021-30617\",\n \"CVE-2021-30618\",\n \"CVE-2021-30619\",\n \"CVE-2021-30620\",\n \"CVE-2021-30621\",\n \"CVE-2021-30622\",\n \"CVE-2021-30623\",\n \"CVE-2021-30624\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0401-S\");\n\n script_name(english:\"Google Chrome < 93.0.4577.63 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 93.0.4577.63. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_08_stable-channel-update-for-desktop_31 advisory.\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cc7074cc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1233975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1235949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1219870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1239595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1200440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1233942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1234284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1209622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1207315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1208614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1231432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1226909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1232279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1235222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1063518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1204722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1224419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1223667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1230513\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 93.0.4577.63 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30624\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'93.0.4577.63', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:25", "description": "The version of Google Chrome installed on the remote macOS host is prior to 93.0.4577.63. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_08_stable-channel-update-for-desktop_31 advisory.\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-01T00:00:00", "type": "nessus", "title": "Google Chrome < 93.0.4577.63 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_93_0_4577_63.NASL", "href": "https://www.tenable.com/plugins/nessus/152927", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152927);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/07\");\n\n script_cve_id(\n \"CVE-2021-30606\",\n \"CVE-2021-30607\",\n \"CVE-2021-30608\",\n \"CVE-2021-30609\",\n \"CVE-2021-30610\",\n \"CVE-2021-30611\",\n \"CVE-2021-30612\",\n \"CVE-2021-30613\",\n \"CVE-2021-30614\",\n \"CVE-2021-30615\",\n \"CVE-2021-30616\",\n \"CVE-2021-30617\",\n \"CVE-2021-30618\",\n \"CVE-2021-30619\",\n \"CVE-2021-30620\",\n \"CVE-2021-30621\",\n \"CVE-2021-30622\",\n \"CVE-2021-30623\",\n \"CVE-2021-30624\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0401-S\");\n\n script_name(english:\"Google Chrome < 93.0.4577.63 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 93.0.4577.63. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_08_stable-channel-update-for-desktop_31 advisory.\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cc7074cc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1233975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1235949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1219870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1239595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1200440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1233942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1234284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1209622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1207315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1208614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1231432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1226909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1232279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1235222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1063518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1204722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1224419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1223667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1230513\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 93.0.4577.63 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30624\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'93.0.4577.63', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:14:38", "description": "Chrome Releases reports :\n\nThis release contains 27 security fixes, including :\n\n- [1233975] High CVE-2021-30606: Use after free in Blink. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-28\n\n- [1235949] High CVE-2021-30607: Use after free in Permissions.\nReported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-08-03\n\n- [1219870] High CVE-2021-30608: Use after free in Web Share. Reported by Huyna at Viettel Cyber Security on 2021-06-15\n\n- [1239595] High CVE-2021-30609: Use after free in Sign-In. Reported by raven (@raid_akame) on 2021-08-13\n\n- [1200440] High CVE-2021-30610: Use after free in Extensions API.\nReported by Igor Bukanov from Vivaldi on 2021-04-19\n\n- [1233942] Medium CVE-2021-30611: Use after free in WebRTC. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-28\n\n- [1234284] Medium CVE-2021-30612: Use after free in WebRTC. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-29\n\n- [1209622] Medium CVE-2021-30613: Use after free in Base internals.\nReported by Yangkang (@dnpushme) of 360 ATA on 2021-05-16\n\n- [1207315] Medium CVE-2021-30614: Heap buffer overflow in TabStrip.\nReported by Huinian Yang (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-05-10\n\n- [1208614] Medium CVE-2021-30615: Cross-origin data leak in Navigation. Reported by NDevTK on 2021-05-12\n\n- [1231432] Medium CVE-2021-30616: Use after free in Media. Reported by Anonymous on 2021-07-21\n\n- [1226909] Medium CVE-2021-30617: Policy bypass in Blink. Reported by NDevTK on 2021-07-07\n\n- [1232279] Medium CVE-2021-30618: Inappropriate implementation in DevTools. Reported by @DanAmodio and @mattaustin from Contrast Security on 2021-07-23\n\n- [1235222] Medium CVE-2021-30619: UI Spoofing in Autofill. Reported by Alesandro Ortiz on 2021-08-02\n\n- [1063518] Medium CVE-2021-30620: Insufficient policy enforcement in Blink. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-03-20\n\n- [1204722] Medium CVE-2021-30621: UI Spoofing in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-04-30\n\n- [1224419] Medium CVE-2021-30622: Use after free in WebApp Installs.\nReported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2021-06-28\n\n- [1223667] Low CVE-2021-30623: Use after free in Bookmarks. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-06-25\n\n- [1230513] Low CVE-2021-30624: Use after free in Autofill. Reported by Wei Yuan of MoyunSec VLab on 2021-07-19", "cvss3": {}, "published": "2021-09-07T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (a7732806-0b2a-11ec-836b-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624"], "modified": "2021-09-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_A77328060B2A11EC836B3065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/153062", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(153062);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/10\");\n\n script_cve_id(\"CVE-2021-30606\", \"CVE-2021-30607\", \"CVE-2021-30608\", \"CVE-2021-30609\", \"CVE-2021-30610\", \"CVE-2021-30611\", \"CVE-2021-30612\", \"CVE-2021-30613\", \"CVE-2021-30614\", \"CVE-2021-30615\", \"CVE-2021-30616\", \"CVE-2021-30617\", \"CVE-2021-30618\", \"CVE-2021-30619\", \"CVE-2021-30620\", \"CVE-2021-30621\", \"CVE-2021-30622\", \"CVE-2021-30623\", \"CVE-2021-30624\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (a7732806-0b2a-11ec-836b-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\nThis release contains 27 security fixes, including :\n\n- [1233975] High CVE-2021-30606: Use after free in Blink. Reported by\nNan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab\non 2021-07-28\n\n- [1235949] High CVE-2021-30607: Use after free in Permissions.\nReported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at\nQi'anxin Group on 2021-08-03\n\n- [1219870] High CVE-2021-30608: Use after free in Web Share. Reported\nby Huyna at Viettel Cyber Security on 2021-06-15\n\n- [1239595] High CVE-2021-30609: Use after free in Sign-In. Reported\nby raven (@raid_akame) on 2021-08-13\n\n- [1200440] High CVE-2021-30610: Use after free in Extensions API.\nReported by Igor Bukanov from Vivaldi on 2021-04-19\n\n- [1233942] Medium CVE-2021-30611: Use after free in WebRTC. Reported\nby Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha\nLab on 2021-07-28\n\n- [1234284] Medium CVE-2021-30612: Use after free in WebRTC. Reported\nby Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha\nLab on 2021-07-29\n\n- [1209622] Medium CVE-2021-30613: Use after free in Base internals.\nReported by Yangkang (@dnpushme) of 360 ATA on 2021-05-16\n\n- [1207315] Medium CVE-2021-30614: Heap buffer overflow in TabStrip.\nReported by Huinian Yang (@vmth6) of Amber Security Lab, OPPO Mobile\nTelecommunications Corp. Ltd. on 2021-05-10\n\n- [1208614] Medium CVE-2021-30615: Cross-origin data leak in\nNavigation. Reported by NDevTK on 2021-05-12\n\n- [1231432] Medium CVE-2021-30616: Use after free in Media. Reported\nby Anonymous on 2021-07-21\n\n- [1226909] Medium CVE-2021-30617: Policy bypass in Blink. Reported by\nNDevTK on 2021-07-07\n\n- [1232279] Medium CVE-2021-30618: Inappropriate implementation in\nDevTools. Reported by @DanAmodio and @mattaustin from Contrast\nSecurity on 2021-07-23\n\n- [1235222] Medium CVE-2021-30619: UI Spoofing in Autofill. Reported\nby Alesandro Ortiz on 2021-08-02\n\n- [1063518] Medium CVE-2021-30620: Insufficient policy enforcement in\nBlink. Reported by Jun Kokatsu, Microsoft Browser Vulnerability\nResearch on 2020-03-20\n\n- [1204722] Medium CVE-2021-30621: UI Spoofing in Autofill. Reported\nby Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on\n2021-04-30\n\n- [1224419] Medium CVE-2021-30622: Use after free in WebApp Installs.\nReported by Jun Kokatsu, Microsoft Browser Vulnerability Research on\n2021-06-28\n\n- [1223667] Low CVE-2021-30623: Use after free in Bookmarks. Reported\nby Leecraso and Guang Gong of 360 Alpha Lab on 2021-06-25\n\n- [1230513] Low CVE-2021-30624: Use after free in Autofill. Reported\nby Wei Yuan of MoyunSec VLab on 2021-07-19\"\n );\n # https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cc7074cc\"\n );\n # https://vuxml.freebsd.org/freebsd/a7732806-0b2a-11ec-836b-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cf35cc60\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30623\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<93.0.4577.63\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:35:59", "description": "The version of Google Chrome installed on the remote macOS host is prior to 96.0.4664.45. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_11_stable-channel-update-for-desktop advisory.\n\n - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017)\n\n - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38005)\n\n - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012)\n\n - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-15T00:00:00", "type": "nessus", "title": "Google Chrome < 96.0.4664.45 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_96_0_4664_45.NASL", "href": "https://www.tenable.com/plugins/nessus/155353", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155353);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2021-38005\",\n \"CVE-2021-38006\",\n \"CVE-2021-38007\",\n \"CVE-2021-38008\",\n \"CVE-2021-38009\",\n \"CVE-2021-38010\",\n \"CVE-2021-38011\",\n \"CVE-2021-38012\",\n \"CVE-2021-38013\",\n \"CVE-2021-38014\",\n \"CVE-2021-38015\",\n \"CVE-2021-38016\",\n \"CVE-2021-38017\",\n \"CVE-2021-38018\",\n \"CVE-2021-38019\",\n \"CVE-2021-38020\",\n \"CVE-2021-38021\",\n \"CVE-2021-38022\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0555-S\");\n\n script_name(english:\"Google Chrome < 96.0.4664.45 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 96.0.4664.45. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_11_stable-channel-update-for-desktop advisory.\n\n - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote\n attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017)\n\n - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38005)\n\n - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012)\n\n - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8cf8e77e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1254189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1263620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1260649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1240593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1241091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1264477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1268274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1262791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1242392\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1248567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/957553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1244289\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1256822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1197889\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1259694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1233375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1248862\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 96.0.4664.45 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38017\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-38013\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'96.0.4664.45', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:35:59", "description": "The version of Google Chrome installed on the remote Windows host is prior to 96.0.4664.45. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_11_stable-channel-update-for-desktop advisory.\n\n - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017)\n\n - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38005)\n\n - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012)\n\n - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-15T00:00:00", "type": "nessus", "title": "Google Chrome < 96.0.4664.45 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_96_0_4664_45.NASL", "href": "https://www.tenable.com/plugins/nessus/155352", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155352);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2021-38005\",\n \"CVE-2021-38006\",\n \"CVE-2021-38007\",\n \"CVE-2021-38008\",\n \"CVE-2021-38009\",\n \"CVE-2021-38010\",\n \"CVE-2021-38011\",\n \"CVE-2021-38012\",\n \"CVE-2021-38013\",\n \"CVE-2021-38014\",\n \"CVE-2021-38015\",\n \"CVE-2021-38016\",\n \"CVE-2021-38017\",\n \"CVE-2021-38018\",\n \"CVE-2021-38019\",\n \"CVE-2021-38020\",\n \"CVE-2021-38021\",\n \"CVE-2021-38022\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0555-S\");\n\n script_name(english:\"Google Chrome < 96.0.4664.45 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 96.0.4664.45. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_11_stable-channel-update-for-desktop advisory.\n\n - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote\n attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017)\n\n - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38005)\n\n - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012)\n\n - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8cf8e77e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1254189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1263620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1260649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1240593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1241091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1264477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1268274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1262791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1242392\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1248567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/957553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1244289\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1256822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1197889\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1251179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1259694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1233375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1248862\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 96.0.4664.45 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38017\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-38013\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'96.0.4664.45', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-28T14:30:38", "description": "The version of Google Chrome installed on the remote Windows host is prior to 95.0.4638.54. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_10_stable-channel-update-for-desktop_19 advisory.\n\n - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993)\n\n - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37981)\n\n - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982)\n\n - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983)\n\n - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-19T00:00:00", "type": "nessus", "title": "Google Chrome < 95.0.4638.54 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_95_0_4638_54.NASL", "href": "https://www.tenable.com/plugins/nessus/154238", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154238);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-37981\",\n \"CVE-2021-37982\",\n \"CVE-2021-37983\",\n \"CVE-2021-37984\",\n \"CVE-2021-37985\",\n \"CVE-2021-37986\",\n \"CVE-2021-37987\",\n \"CVE-2021-37988\",\n \"CVE-2021-37989\",\n \"CVE-2021-37990\",\n \"CVE-2021-37991\",\n \"CVE-2021-37992\",\n \"CVE-2021-37993\",\n \"CVE-2021-37994\",\n \"CVE-2021-37995\",\n \"CVE-2021-37996\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0491-S\");\n\n script_name(english:\"Google Chrome < 95.0.4638.54 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 95.0.4638.54. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_10_stable-channel-update-for-desktop_19 advisory.\n\n - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993)\n\n - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37981)\n\n - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982)\n\n - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983)\n\n - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c0836418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1246631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1248661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1249810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1253399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1241860\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1242404\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1206928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1228248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1233067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1247395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1250660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1253746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1255332\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1243020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1100761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1242315\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 95.0.4638.54 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37993\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-37981\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'95.0.4638.54', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-28T14:35:27", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1392-1 advisory.\n\n - : Heap buffer overflow in Skia. (CVE-2021-37981)\n\n - : Use after free in Incognito. (CVE-2021-37982)\n\n - : Use after free in Dev Tools. (CVE-2021-37983)\n\n - : Heap buffer overflow in PDFium. (CVE-2021-37984)\n\n - : Use after free in V8. (CVE-2021-37985)\n\n - : Heap buffer overflow in Settings. (CVE-2021-37986)\n\n - : Use after free in Network APIs. (CVE-2021-37987)\n\n - : Use after free in Profiles. (CVE-2021-37988)\n\n - : Inappropriate implementation in Blink. (CVE-2021-37989)\n\n - : Inappropriate implementation in WebView. (CVE-2021-37990)\n\n - : Race in V8. (CVE-2021-37991)\n\n - : Out of bounds read in WebAudio. (CVE-2021-37992)\n\n - : Use after free in PDF Accessibility. (CVE-2021-37993)\n\n - : Inappropriate implementation in iFrame Sandbox. (CVE-2021-37994)\n\n - : Inappropriate implementation in WebApp Installer. (CVE-2021-37995)\n\n - : Insufficient validation of untrusted input in Downloads. (CVE-2021-37996)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-27T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1392-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-1392.NASL", "href": "https://www.tenable.com/plugins/nessus/154513", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1392-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154513);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-37981\",\n \"CVE-2021-37982\",\n \"CVE-2021-37983\",\n \"CVE-2021-37984\",\n \"CVE-2021-37985\",\n \"CVE-2021-37986\",\n \"CVE-2021-37987\",\n \"CVE-2021-37988\",\n \"CVE-2021-37989\",\n \"CVE-2021-37990\",\n \"CVE-2021-37991\",\n \"CVE-2021-37992\",\n \"CVE-2021-37993\",\n \"CVE-2021-37994\",\n \"CVE-2021-37995\",\n \"CVE-2021-37996\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1392-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1392-1 advisory.\n\n - : Heap buffer overflow in Skia. (CVE-2021-37981)\n\n - : Use after free in Incognito. (CVE-2021-37982)\n\n - : Use after free in Dev Tools. (CVE-2021-37983)\n\n - : Heap buffer overflow in PDFium. (CVE-2021-37984)\n\n - : Use after free in V8. (CVE-2021-37985)\n\n - : Heap buffer overflow in Settings. (CVE-2021-37986)\n\n - : Use after free in Network APIs. (CVE-2021-37987)\n\n - : Use after free in Profiles. (CVE-2021-37988)\n\n - : Inappropriate implementation in Blink. (CVE-2021-37989)\n\n - : Inappropriate implementation in WebView. (CVE-2021-37990)\n\n - : Race in V8. (CVE-2021-37991)\n\n - : Out of bounds read in WebAudio. (CVE-2021-37992)\n\n - : Use after free in PDF Accessibility. (CVE-2021-37993)\n\n - : Inappropriate implementation in iFrame Sandbox. (CVE-2021-37994)\n\n - : Inappropriate implementation in WebApp Installer. (CVE-2021-37995)\n\n - : Insufficient validation of untrusted input in Downloads. (CVE-2021-37996)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191844\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5PA4QP5O5NS7MLCPJRQA74564MFVWF24/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?73a3f306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37986\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37996\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37993\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-37981\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-95.0.4638.54-bp153.2.37.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-95.0.4638.54-bp153.2.37.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-95.0.4638.54-bp153.2.37.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-95.0.4638.54-bp153.2.37.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-28T14:33:45", "description": "Chrome Releases reports :\n\nThis release contains 19 security fixes, including :\n\n- [1246631] High CVE-2021-37981: Heap buffer overflow in Skia.\nReported by Yangkang (@dnpushme) of 360 ATA on 2021-09-04\n\n- [1248661] High CVE-2021-37982: Use after free in Incognito. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-09-11\n\n- [1249810] High CVE-2021-37983: Use after free in Dev Tools. Reported by Zhihua Yao of KunLun Lab on 2021-09-15\n\n- [1253399] High CVE-2021-37984: Heap buffer overflow in PDFium.\nReported by Antti Levomaki, Joonas Pihlaja andChristian Jali from Forcepoint on 2021-09-27\n\n- [1241860] High CVE-2021-37985: Use after free in V8. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-08-20\n\n- [1242404] Medium CVE-2021-37986: Heap buffer overflow in Settings.\nReported by raven (@raid_akame) on 2021-08-23\n\n- [1206928] Medium CVE-2021-37987: Use after free in Network APIs.\nReported by Yangkang (@dnpushme) of 360 ATA on 2021-05-08\n\n- [1228248] Medium CVE-2021-37988: Use after free in Profiles.\nReported by raven (@raid_akame) on 2021-07-12\n\n- [1233067] Medium CVE-2021-37989: Inappropriate implementation in Blink. Reported by Matt Dyas, Ankur Sundara on 2021-07-26\n\n- [1247395] Medium CVE-2021-37990: Inappropriate implementation in WebView. Reported by Kareem Selim of CyShield on 2021-09-07\n\n- [1250660] Medium CVE-2021-37991: Race in V8. Reported by Samuel Gross of Google Project Zero on 2021-09-17\n\n- [1253746] Medium CVE-2021-37992: Out of bounds read in WebAudio.\nReported by sunburst@Ant Security Light-Year Lab on 2021-09-28\n\n- [1255332] Medium CVE-2021-37993: Use after free in PDF Accessibility. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-10-02\n\n- [1243020] Medium CVE-2021-37996: Insufficient validation of untrusted input in Downloads. Reported by Anonymous on 2021-08-24\n\n- [1100761] Low CVE-2021-37994: Inappropriate implementation in iFrame Sandbox. Reported by David Erceg on 2020-06-30\n\n- [1242315] Low CVE-2021-37995: Inappropriate implementation in WebApp Installer. Reported by Terence Eden on 2021-08-23", "cvss3": {}, "published": "2021-10-21T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (bdaecfad-3117-11ec-b3b0-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_BDAECFAD311711ECB3B03065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/154316", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154316);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-37981\",\n \"CVE-2021-37982\",\n \"CVE-2021-37983\",\n \"CVE-2021-37984\",\n \"CVE-2021-37985\",\n \"CVE-2021-37986\",\n \"CVE-2021-37987\",\n \"CVE-2021-37988\",\n \"CVE-2021-37989\",\n \"CVE-2021-37990\",\n \"CVE-2021-37991\",\n \"CVE-2021-37992\",\n \"CVE-2021-37993\",\n \"CVE-2021-37994\",\n \"CVE-2021-37995\",\n \"CVE-2021-37996\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0491-S\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (bdaecfad-3117-11ec-b3b0-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Chrome Releases reports :\n\nThis release contains 19 security fixes, including :\n\n- [1246631] High CVE-2021-37981: Heap buffer overflow in Skia.\nReported by Yangkang (@dnpushme) of 360 ATA on 2021-09-04\n\n- [1248661] High CVE-2021-37982: Use after free in Incognito. Reported\nby Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin\nGroup on 2021-09-11\n\n- [1249810] High CVE-2021-37983: Use after free in Dev Tools. Reported\nby Zhihua Yao of KunLun Lab on 2021-09-15\n\n- [1253399] High CVE-2021-37984: Heap buffer overflow in PDFium.\nReported by Antti Levomaki, Joonas Pihlaja andChristian Jali from\nForcepoint on 2021-09-27\n\n- [1241860] High CVE-2021-37985: Use after free in V8. Reported by\nYangkang (@dnpushme) of 360 ATA on 2021-08-20\n\n- [1242404] Medium CVE-2021-37986: Heap buffer overflow in Settings.\nReported by raven (@raid_akame) on 2021-08-23\n\n- [1206928] Medium CVE-2021-37987: Use after free in Network APIs.\nReported by Yangkang (@dnpushme) of 360 ATA on 2021-05-08\n\n- [1228248] Medium CVE-2021-37988: Use after free in Profiles.\nReported by raven (@raid_akame) on 2021-07-12\n\n- [1233067] Medium CVE-2021-37989: Inappropriate implementation in\nBlink. Reported by Matt Dyas, Ankur Sundara on 2021-07-26\n\n- [1247395] Medium CVE-2021-37990: Inappropriate implementation in\nWebView. Reported by Kareem Selim of CyShield on 2021-09-07\n\n- [1250660] Medium CVE-2021-37991: Race in V8. Reported by Samuel\nGross of Google Project Zero on 2021-09-17\n\n- [1253746] Medium CVE-2021-37992: Out of bounds read in WebAudio.\nReported by sunburst@Ant Security Light-Year Lab on 2021-09-28\n\n- [1255332] Medium CVE-2021-37993: Use after free in PDF\nAccessibility. Reported by Cassidy Kim of Amber Security Lab, OPPO\nMobile Telecommunications Corp. Ltd. on 2021-10-02\n\n- [1243020] Medium CVE-2021-37996: Insufficient validation of\nuntrusted input in Downloads. Reported by Anonymous on 2021-08-24\n\n- [1100761] Low CVE-2021-37994: Inappropriate implementation in iFrame\nSandbox. Reported by David Erceg on 2020-06-30\n\n- [1242315] Low CVE-2021-37995: Inappropriate implementation in WebApp\nInstaller. Reported by Terence Eden on 2021-08-23\");\n # https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c0836418\");\n # https://vuxml.freebsd.org/freebsd/bdaecfad-3117-11ec-b3b0-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ae669e5c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37993\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-37981\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<95.0.4638.54\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-28T14:40:40", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1488-1 advisory.\n\n - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37981)\n\n - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982)\n\n - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983)\n\n - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984)\n\n - Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37985)\n\n - Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37986)\n\n - Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37987)\n\n - Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37988)\n\n - Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page. (CVE-2021-37989)\n\n - Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app. (CVE-2021-37990)\n\n - Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37991)\n\n - Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37992)\n\n - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993)\n\n - Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-37994)\n\n - Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-37995)\n\n - Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file. (CVE-2021-37996)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-20T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : opera (openSUSE-SU-2021:1488-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1488.NASL", "href": "https://www.tenable.com/plugins/nessus/155652", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1488-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155652);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2021-37981\",\n \"CVE-2021-37982\",\n \"CVE-2021-37983\",\n \"CVE-2021-37984\",\n \"CVE-2021-37985\",\n \"CVE-2021-37986\",\n \"CVE-2021-37987\",\n \"CVE-2021-37988\",\n \"CVE-2021-37989\",\n \"CVE-2021-37990\",\n \"CVE-2021-37991\",\n \"CVE-2021-37992\",\n \"CVE-2021-37993\",\n \"CVE-2021-37994\",\n \"CVE-2021-37995\",\n \"CVE-2021-37996\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0491-S\");\n\n script_name(english:\"openSUSE 15 Security Update : opera (openSUSE-SU-2021:1488-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1488-1 advisory.\n\n - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37981)\n\n - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982)\n\n - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983)\n\n - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984)\n\n - Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a\n user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37985)\n\n - Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37986)\n\n - Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37987)\n\n - Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced\n a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37988)\n\n - Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n abuse content security policy via a crafted HTML page. (CVE-2021-37989)\n\n - Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote\n attacker to leak cross-origin data via a crafted app. (CVE-2021-37990)\n\n - Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2021-37991)\n\n - Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37992)\n\n - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993)\n\n - Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote\n attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-37994)\n\n - Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote\n attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-37995)\n\n - Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a\n remote attacker to bypass navigation restrictions via a malicious file. (CVE-2021-37996)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2KPG5DWW4SNUCP3CCQ2LC7L3RKCFTIAA/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2a94c608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37986\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37996\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37993\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-37981\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'opera-81.0.4196.31-lp152.2.76.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'opera');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-28T14:33:32", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1396-1 advisory.\n\n - : Heap buffer overflow in Skia. (CVE-2021-37981)\n\n - : Use after free in Incognito. (CVE-2021-37982)\n\n - : Use after free in Dev Tools. (CVE-2021-37983)\n\n - : Heap buffer overflow in PDFium. (CVE-2021-37984)\n\n - : Use after free in V8. (CVE-2021-37985)\n\n - : Heap buffer overflow in Settings. (CVE-2021-37986)\n\n - : Use after free in Network APIs. (CVE-2021-37987)\n\n - : Use after free in Profiles. (CVE-2021-37988)\n\n - : Inappropriate implementation in Blink. (CVE-2021-37989)\n\n - : Inappropriate implementation in WebView. (CVE-2021-37990)\n\n - : Race in V8. (CVE-2021-37991)\n\n - : Out of bounds read in WebAudio. (CVE-2021-37992)\n\n - : Use after free in PDF Accessibility. (CVE-2021-37993)\n\n - : Inappropriate implementation in iFrame Sandbox. (CVE-2021-37994)\n\n - : Inappropriate implementation in WebApp Installer. (CVE-2021-37995)\n\n - : Insufficient validation of untrusted input in Downloads. (CVE-2021-37996)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-31T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1396-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1396.NASL", "href": "https://www.tenable.com/plugins/nessus/154748", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1396-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154748);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-37981\",\n \"CVE-2021-37982\",\n \"CVE-2021-37983\",\n \"CVE-2021-37984\",\n \"CVE-2021-37985\",\n \"CVE-2021-37986\",\n \"CVE-2021-37987\",\n \"CVE-2021-37988\",\n \"CVE-2021-37989\",\n \"CVE-2021-37990\",\n \"CVE-2021-37991\",\n \"CVE-2021-37992\",\n \"CVE-2021-37993\",\n \"CVE-2021-37994\",\n \"CVE-2021-37995\",\n \"CVE-2021-37996\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1396-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1396-1 advisory.\n\n - : Heap buffer overflow in Skia. (CVE-2021-37981)\n\n - : Use after free in Incognito. (CVE-2021-37982)\n\n - : Use after free in Dev Tools. (CVE-2021-37983)\n\n - : Heap buffer overflow in PDFium. (CVE-2021-37984)\n\n - : Use after free in V8. (CVE-2021-37985)\n\n - : Heap buffer overflow in Settings. (CVE-2021-37986)\n\n - : Use after free in Network APIs. (CVE-2021-37987)\n\n - : Use after free in Profiles. (CVE-2021-37988)\n\n - : Inappropriate implementation in Blink. (CVE-2021-37989)\n\n - : Inappropriate implementation in WebView. (CVE-2021-37990)\n\n - : Race in V8. (CVE-2021-37991)\n\n - : Out of bounds read in WebAudio. (CVE-2021-37992)\n\n - : Use after free in PDF Accessibility. (CVE-2021-37993)\n\n - : Inappropriate implementation in iFrame Sandbox. (CVE-2021-37994)\n\n - : Inappropriate implementation in WebApp Installer. (CVE-2021-37995)\n\n - : Insufficient validation of untrusted input in Downloads. (CVE-2021-37996)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191844\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JYLHMZTJJPI73VMWKC3ARZ4PIBXUS3VM/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1ef07378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37986\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37996\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37993\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-37981\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-95.0.4638.54-lp152.2.135.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-95.0.4638.54-lp152.2.135.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-28T14:31:21", "description": "The version of Google Chrome installed on the remote macOS host is prior to 95.0.4638.54. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_10_stable-channel-update-for-desktop_19 advisory.\n\n - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993)\n\n - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37981)\n\n - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982)\n\n - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983)\n\n - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-19T00:00:00", "type": "nessus", "title": "Google Chrome < 95.0.4638.54 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_95_0_4638_54.NASL", "href": "https://www.tenable.com/plugins/nessus/154239", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154239);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-37981\",\n \"CVE-2021-37982\",\n \"CVE-2021-37983\",\n \"CVE-2021-37984\",\n \"CVE-2021-37985\",\n \"CVE-2021-37986\",\n \"CVE-2021-37987\",\n \"CVE-2021-37988\",\n \"CVE-2021-37989\",\n \"CVE-2021-37990\",\n \"CVE-2021-37991\",\n \"CVE-2021-37992\",\n \"CVE-2021-37993\",\n \"CVE-2021-37994\",\n \"CVE-2021-37995\",\n \"CVE-2021-37996\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0491-S\");\n\n script_name(english:\"Google Chrome < 95.0.4638.54 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 95.0.4638.54. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_10_stable-channel-update-for-desktop_19 advisory.\n\n - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993)\n\n - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37981)\n\n - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982)\n\n - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983)\n\n - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c0836418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1246631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1248661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1249810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1253399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1241860\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1242404\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1206928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1228248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1233067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1247395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1250660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1253746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1255332\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1243020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1100761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1242315\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 95.0.4638.54 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37993\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-37981\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'95.0.4638.54', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:12:14", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 92.0.902.55. It is, therefore, affected by multiple vulnerabilities as referenced in the July 22, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-22T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 92.0.902.55 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30580", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30583", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30586", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30589", "CVE-2021-36928", "CVE-2021-36929", "CVE-2021-36931"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_92_0_902_55.NASL", "href": "https://www.tenable.com/plugins/nessus/152004", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152004);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-30565\",\n \"CVE-2021-30566\",\n \"CVE-2021-30567\",\n \"CVE-2021-30568\",\n \"CVE-2021-30569\",\n \"CVE-2021-30571\",\n \"CVE-2021-30572\",\n \"CVE-2021-30573\",\n \"CVE-2021-30574\",\n \"CVE-2021-30575\",\n \"CVE-2021-30576\",\n \"CVE-2021-30577\",\n \"CVE-2021-30578\",\n \"CVE-2021-30579\",\n \"CVE-2021-30580\",\n \"CVE-2021-30581\",\n \"CVE-2021-30582\",\n \"CVE-2021-30583\",\n \"CVE-2021-30584\",\n \"CVE-2021-30585\",\n \"CVE-2021-30586\",\n \"CVE-2021-30587\",\n \"CVE-2021-30588\",\n \"CVE-2021-30589\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0346-S\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 92.0.902.55 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 92.0.902.55. It is, therefore, affected\nby multiple vulnerabilities as referenced in the July 22, 2021 advisory. Note that Nessus has not tested for this issue\nbut has instead relied only on the application's self-reported version number.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#july-22-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dc471fea\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30569\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30572\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30582\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36929\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36931\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 92.0.902.55 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30588\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-30571\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '92.0.902.55' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-08T15:16:18", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0070-1 advisory.\n\n - Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30625)\n\n - Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30626)\n\n - Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30627)\n\n - Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (CVE-2021-30628)\n\n - Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (CVE-2021-30630)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2021-30631)\n\n - Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30632)\n\n - Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-30633)\n\n - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37981)\n\n - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984)\n\n - Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37987)\n\n - Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page. (CVE-2021-37989)\n\n - Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37992)\n\n - Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file. (CVE-2021-37996)\n\n - Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37998)\n\n - Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38001)\n\n - Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-38002)\n\n - Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38003)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-05T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : nodejs-electron (openSUSE-SU-2022:0070-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37981", "CVE-2021-37984", "CVE-2021-37987", "CVE-2021-37989", "CVE-2021-37992", "CVE-2021-37996", "CVE-2021-37998", "CVE-2021-38001", "CVE-2021-38002", "CVE-2021-38003"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:nodejs-electron", "p-cpe:/a:novell:opensuse:nodejs-electron-devel", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-0070-1.NASL", "href": "https://www.tenable.com/plugins/nessus/158639", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0070-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158639);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2021-30625\",\n \"CVE-2021-30626\",\n \"CVE-2021-30627\",\n \"CVE-2021-30628\",\n \"CVE-2021-30630\",\n \"CVE-2021-30631\",\n \"CVE-2021-30632\",\n \"CVE-2021-30633\",\n \"CVE-2021-37981\",\n \"CVE-2021-37984\",\n \"CVE-2021-37987\",\n \"CVE-2021-37989\",\n \"CVE-2021-37992\",\n \"CVE-2021-37996\",\n \"CVE-2021-37998\",\n \"CVE-2021-38001\",\n \"CVE-2021-38002\",\n \"CVE-2021-38003\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0411-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0491-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0522-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE 15 Security Update : nodejs-electron (openSUSE-SU-2022:0070-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:0070-1 advisory.\n\n - Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who\n convinced the user the visit a malicious website to potentially exploit heap corruption via a crafted HTML\n page. (CVE-2021-30625)\n\n - Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30626)\n\n - Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30627)\n\n - Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to\n potentially exploit stack corruption via a crafted HTML page. (CVE-2021-30628)\n\n - Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who\n had compromised the renderer process to leak cross-origin data via a crafted HTML page. (CVE-2021-30630)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by\n its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2021-30631)\n\n - Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30632)\n\n - Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-30633)\n\n - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37981)\n\n - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984)\n\n - Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37987)\n\n - Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n abuse content security policy via a crafted HTML page. (CVE-2021-37989)\n\n - Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37992)\n\n - Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a\n remote attacker to bypass navigation restrictions via a malicious file. (CVE-2021-37996)\n\n - Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37998)\n\n - Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38001)\n\n - Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to\n potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-38002)\n\n - Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38003)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/G2JZKFAH5MWINMQLTSYZ2GQCLX5UGIGE/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?09a3d8c4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38003\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nodejs-electron and / or nodejs-electron-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38003\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-38002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs-electron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs-electron-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'nodejs-electron-16.0.9-bp153.2.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-electron-devel-16.0.9-bp153.2.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs-electron / nodejs-electron-devel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-28T14:33:45", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 95.0.1020.30. It is, therefore, affected by multiple vulnerabilities as referenced in the October 21, 2021 advisory.\n\n - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993)\n\n - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37981)\n\n - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982)\n\n - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983)\n\n - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-21T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 95.0.1020.30 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996", "CVE-2021-42307"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_95_0_1020_30.NASL", "href": "https://www.tenable.com/plugins/nessus/154327", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154327);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-37981\",\n \"CVE-2021-37982\",\n \"CVE-2021-37983\",\n \"CVE-2021-37984\",\n \"CVE-2021-37985\",\n \"CVE-2021-37986\",\n \"CVE-2021-37987\",\n \"CVE-2021-37988\",\n \"CVE-2021-37989\",\n \"CVE-2021-37990\",\n \"CVE-2021-37991\",\n \"CVE-2021-37992\",\n \"CVE-2021-37993\",\n \"CVE-2021-37994\",\n \"CVE-2021-37995\",\n \"CVE-2021-37996\",\n \"CVE-2021-42307\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0491-S\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 95.0.1020.30 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 95.0.1020.30. It is, therefore, affected\nby multiple vulnerabilities as referenced in the October 21, 2021 advisory.\n\n - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993)\n\n - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37981)\n\n - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982)\n\n - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983)\n\n - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#october-21-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6d633bfe\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37986\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42307\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 95.0.1020.30 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37993\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-37981\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '95.0.1020.30' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-04T14:33:01", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5046 advisory.\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\n - Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37961)\n\n - Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37962)\n\n - Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. (CVE-2021-37963)\n\n - Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file. (CVE-2021-37964)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-37965, CVE-2021-37968)\n\n - Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37966)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (CVE-2021-37967)\n\n - Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. (CVE-2021-37969)\n\n - Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37970)\n\n - Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37971)\n\n - Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37972)\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37974)\n\n - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37975)\n\n - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976)\n\n - Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37977)\n\n - Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37978)\n\n - heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37979)\n\n - Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. (CVE-2021-37980)\n\n - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37981)\n\n - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982)\n\n - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983)\n\n - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984)\n\n - Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37985)\n\n - Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37986)\n\n - Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37987)\n\n - Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37988)\n\n - Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page. (CVE-2021-37989)\n\n - Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app. (CVE-2021-37990)\n\n - Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37991)\n\n - Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37992)\n\n - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993)\n\n - Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-37994)\n\n - Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-37995)\n\n - Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file. (CVE-2021-37996)\n\n - Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37997)\n\n - Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37998)\n\n - Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.\n (CVE-2021-37999)\n\n - Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.\n (CVE-2021-38000)\n\n - Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38001)\n\n - Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-38002)\n\n - Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38003)\n\n - Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38004)\n\n - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38005)\n\n - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012)\n\n - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38008)\n\n - Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38009)\n\n - Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.\n (CVE-2021-38010)\n\n - Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-38013)\n\n - Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38014)\n\n - Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (CVE-2021-38015)\n\n - Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (CVE-2021-38016)\n\n - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017)\n\n - Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-38018)\n\n - Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38019)\n\n - Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-38020)\n\n - Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38021)\n\n - Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38022)\n\n - Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.\n (CVE-2021-4052)\n\n - Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4053)\n\n - Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-4054)\n\n - Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2021-4055)\n\n - Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4056)\n\n - Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-4057)\n\n - Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4058)\n\n - Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-4059)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4061, CVE-2021-4078)\n\n - Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-4062)\n\n - Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4063)\n\n - Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4064)\n\n - Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4065)\n\n - Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4066)\n\n - Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4067)\n\n - Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-4068)\n\n - Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets. (CVE-2021-4079)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-15T00:00:00", "type": "nessus", "title": "Debian DSA-5046-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973", "CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37980", "CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996", "CVE-2021-37997", "CVE-2021-37998", "CVE-2021-37999", "CVE-2021-38000", "CVE-2021-38001", "CVE-2021-38002", "CVE-2021-38003", "CVE-2021-38004", "CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022", "CVE-2021-4052", "CVE-2021-4053", "CVE-2021-4054", "CVE-2021-4055", "CVE-2021-4056", "CVE-2021-4057", "CVE-2021-4058", "CVE-2021-4059", "CVE-2021-4061", "CVE-2021-4062", "CVE-2021-4063", "CVE-2021-4064", "CVE-2021-4065", "CVE-2021-4066", "CVE-2021-4067", "CVE-2021-4068", "CVE-2021-4078", "CVE-2021-4079", "CVE-2021-4098", "CVE-2021-4099", "CVE-2021-4100", "CVE-2021-4101", "CVE-2021-4102", "CVE-2022-0096", "CVE-2022-0097", "CVE-2022-0098", "CVE-2022-0099", "CVE-2022-0100", "CVE-2022-0101", "CVE-2022-0102", "CVE-2022-0103", "CVE-2022-0104", "CVE-2022-0105", "CVE-2022-0106", "CVE-2022-0107", "CVE-2022-0108", "CVE-2022-0109", "CVE-2022-0110", "CVE-2022-0111", "CVE-2022-0112", "CVE-2022-0113", "CVE-2022-0114", "CVE-2022-0115", "CVE-2022-0116", "CVE-2022-0117", "CVE-2022-0118", "CVE-2022-0120"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "p-cpe:/a:debian:debian_linux:chromium-common", "p-cpe:/a:debian:debian_linux:chromium-driver", "p-cpe:/a:debian:debian_linux:chromium-l10n", "p-cpe:/a:debian:debian_linux:chromium-sandbox", "p-cpe:/a:debian:debian_linux:chromium-shell", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5046.NASL", "href": "https://www.tenable.com/plugins/nessus/156763", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5046. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156763);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-4052\",\n \"CVE-2021-4053\",\n \"CVE-2021-4054\",\n \"CVE-2021-4055\",\n \"CVE-2021-4056\",\n \"CVE-2021-4057\",\n \"CVE-2021-4058\",\n \"CVE-2021-4059\",\n \"CVE-2021-4061\",\n \"CVE-2021-4062\",\n \"CVE-2021-4063\",\n \"CVE-2021-4064\",\n \"CVE-2021-4065\",\n \"CVE-2021-4066\",\n \"CVE-2021-4067\",\n \"CVE-2021-4068\",\n \"CVE-2021-4078\",\n \"CVE-2021-4079\",\n \"CVE-2021-4098\",\n \"CVE-2021-4099\",\n \"CVE-2021-4100\",\n \"CVE-2021-4101\",\n \"CVE-2021-4102\",\n \"CVE-2021-37956\",\n \"CVE-2021-37957\",\n \"CVE-2021-37958\",\n \"CVE-2021-37959\",\n \"CVE-2021-37961\",\n \"CVE-2021-37962\",\n \"CVE-2021-37963\",\n \"CVE-2021-37964\",\n \"CVE-2021-37965\",\n \"CVE-2021-37966\",\n \"CVE-2021-37967\",\n \"CVE-2021-37968\",\n \"CVE-2021-37969\",\n \"CVE-2021-37970\",\n \"CVE-2021-37971\",\n \"CVE-2021-37972\",\n \"CVE-2021-37973\",\n \"CVE-2021-37974\",\n \"CVE-2021-37975\",\n \"CVE-2021-37976\",\n \"CVE-2021-37977\",\n \"CVE-2021-37978\",\n \"CVE-2021-37979\",\n \"CVE-2021-37980\",\n \"CVE-2021-37981\",\n \"CVE-2021-37982\",\n \"CVE-2021-37983\",\n \"CVE-2021-37984\",\n \"CVE-2021-37985\",\n \"CVE-2021-37986\",\n \"CVE-2021-37987\",\n \"CVE-2021-37988\",\n \"CVE-2021-37989\",\n \"CVE-2021-37990\",\n \"CVE-2021-37991\",\n \"CVE-2021-37992\",\n \"CVE-2021-37993\",\n \"CVE-2021-37994\",\n \"CVE-2021-37995\",\n \"CVE-2021-37996\",\n \"CVE-2021-37997\",\n \"CVE-2021-37998\",\n \"CVE-2021-37999\",\n \"CVE-2021-38000\",\n \"CVE-2021-38001\",\n \"CVE-2021-38002\",\n \"CVE-2021-38003\",\n \"CVE-2021-38004\",\n \"CVE-2021-38005\",\n \"CVE-2021-38006\",\n \"CVE-2021-38007\",\n \"CVE-2021-38008\",\n \"CVE-2021-38009\",\n \"CVE-2021-38010\",\n \"CVE-2021-38011\",\n \"CVE-2021-38012\",\n \"CVE-2021-38013\",\n \"CVE-2021-38014\",\n \"CVE-2021-38015\",\n \"CVE-2021-38016\",\n \"CVE-2021-38017\",\n \"CVE-2021-38018\",\n \"CVE-2021-38019\",\n \"CVE-2021-38020\",\n \"CVE-2021-38021\",\n \"CVE-2021-38022\",\n \"CVE-2022-0096\",\n \"CVE-2022-0097\",\n \"CVE-2022-0098\",\n \"CVE-2022-0099\",\n \"CVE-2022-0100\",\n \"CVE-2022-0101\",\n \"CVE-2022-0102\",\n \"CVE-2022-0103\",\n \"CVE-2022-0104\",\n \"CVE-2022-0105\",\n \"CVE-2022-0106\",\n \"CVE-2022-0107\",\n \"CVE-2022-0108\",\n \"CVE-2022-0109\",\n \"CVE-2022-0110\",\n \"CVE-2022-0111\",\n \"CVE-2022-0112\",\n \"CVE-2022-0113\",\n \"CVE-2022-0114\",\n \"CVE-2022-0115\",\n \"CVE-2022-0116\",\n \"CVE-2022-0117\",\n \"CVE-2022-0118\",\n \"CVE-2022-0120\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0449-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0459-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0491-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0522-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0555-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0568-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0576-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0001-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/12/29\");\n\n script_name(english:\"Debian DSA-5046-1 : chromium - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5046 advisory.\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker\n who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a\n user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\n - Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37961)\n\n - Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who\n had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37962)\n\n - Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote\n attacker to bypass site isolation via a crafted HTML page. (CVE-2021-37963)\n\n - Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54\n allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation\n attack via a crafted ONC file. (CVE-2021-37964)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-37965, CVE-2021-37968)\n\n - Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a\n remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37966)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a\n remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML\n page. (CVE-2021-37967)\n\n - Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to perform local privilege escalation via a crafted file. (CVE-2021-37969)\n\n - Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37970)\n\n - Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker\n to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37971)\n\n - Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37972)\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37974)\n\n - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37975)\n\n - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to\n obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976)\n\n - Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37977)\n\n - Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37978)\n\n - heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who\n convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted\n HTML page. (CVE-2021-37979)\n\n - Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker\n to potentially bypass site isolation via Windows. (CVE-2021-37980)\n\n - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37981)\n\n - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982)\n\n - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983)\n\n - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984)\n\n - Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a\n user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37985)\n\n - Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37986)\n\n - Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37987)\n\n - Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced\n a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37988)\n\n - Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n abuse content security policy via a crafted HTML page. (CVE-2021-37989)\n\n - Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote\n attacker to leak cross-origin data via a crafted app. (CVE-2021-37990)\n\n - Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2021-37991)\n\n - Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37992)\n\n - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993)\n\n - Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote\n attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-37994)\n\n - Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote\n attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-37995)\n\n - Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a\n remote attacker to bypass navigation restrictions via a malicious file. (CVE-2021-37996)\n\n - Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a\n user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37997)\n\n - Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37998)\n\n - Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote\n attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.\n (CVE-2021-37999)\n\n - Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69\n allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.\n (CVE-2021-38000)\n\n - Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38001)\n\n - Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to\n potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-38002)\n\n - Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38003)\n\n - Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38004)\n\n - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38005)\n\n - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012)\n\n - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38008)\n\n - Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to\n leak cross-origin data via a crafted HTML page. (CVE-2021-38009)\n\n - Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote\n attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.\n (CVE-2021-38010)\n\n - Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed\n a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via\n a crafted HTML page. (CVE-2021-38013)\n\n - Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38014)\n\n - Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who\n convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome\n Extension. (CVE-2021-38015)\n\n - Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a\n remote attacker to bypass same origin policy via a crafted HTML page. (CVE-2021-38016)\n\n - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote\n attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017)\n\n - Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote\n attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-38018)\n\n - Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker\n to leak cross-origin data via a crafted HTML page. (CVE-2021-38019)\n\n - Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45\n allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-38020)\n\n - Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker\n to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38021)\n\n - Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38022)\n\n - Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user\n to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.\n (CVE-2021-4052)\n\n - Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4053)\n\n - Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to\n perform domain spoofing via a crafted HTML page. (CVE-2021-4054)\n\n - Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted\n Chrome Extension. (CVE-2021-4055)\n\n - Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-4056)\n\n - Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-4057)\n\n - Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4058)\n\n - Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to\n leak cross-origin data via a crafted HTML page. (CVE-2021-4059)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-4061, CVE-2021-4078)\n\n - Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-4062)\n\n - Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4063)\n\n - Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4064)\n\n - Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-4065)\n\n - Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-4066)\n\n - Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4067)\n\n - Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-4068)\n\n - Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to\n potentially exploit heap corruption via crafted WebRTC packets. (CVE-2021-4079)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/chromium\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37986\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37997\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-37999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4064\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4066\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4101\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4102\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0101\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0102\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0103\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0106\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0110\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0116\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/chromium\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/chromium\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 97.0.4692.71-0.1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0115\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0097\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'chromium', 'reference': '97.0.4692.71-0.1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-common', 'reference': '97.0.4692.71-0.1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-driver', 'reference': '97.0.4692.71-0.1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-l10n', 'reference': '97.0.4692.71-0.1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-sandbox', 'reference': '97.0.4692.71-0.1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-shell', 'reference': '97.0.4692.71-0.1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium / chromium-common / chromium-driver / chromium-l10n / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:42:22", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1054.29. It is, therefore, affected by multiple vulnerabilities as referenced in the November 19, 2021 advisory.\n\n - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38005)\n\n - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012)\n\n - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38008)\n\n - Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38009)\n\n - Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.\n (CVE-2021-38010)\n\n - Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-38013)\n\n - Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38014)\n\n - Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (CVE-2021-38015)\n\n - Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (CVE-2021-38016)\n\n - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017)\n\n - Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-38018)\n\n - Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38019)\n\n - Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-38020)\n\n - Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38021)\n\n - Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38022)\n\n - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2021-42308)\n\n - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2021-43221)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-10T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 96.0.1054.29 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022", "CVE-2021-42308", "CVE-2021-43221"], "modified": "2023-02-13T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_96_0_1054_29.NASL", "href": "https://www.tenable.com/plugins/nessus/171335", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171335);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/13\");\n\n script_cve_id(\n \"CVE-2021-38005\",\n \"CVE-2021-38006\",\n \"CVE-2021-38007\",\n \"CVE-2021-38008\",\n \"CVE-2021-38009\",\n \"CVE-2021-38010\",\n \"CVE-2021-38011\",\n \"CVE-2021-38012\",\n \"CVE-2021-38013\",\n \"CVE-2021-38014\",\n \"CVE-2021-38015\",\n \"CVE-2021-38016\",\n \"CVE-2021-38017\",\n \"CVE-2021-38018\",\n \"CVE-2021-38019\",\n \"CVE-2021-38020\",\n \"CVE-2021-38021\",\n \"CVE-2021-38022\",\n \"CVE-2021-42308\",\n \"CVE-2021-43221\"\n );\n\n script_name(english:\"Microsoft Edge (Chromium) < 96.0.1054.29 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1054.29. It is, therefore, affected\nby multiple vulnerabilities as referenced in the November 19, 2021 advisory.\n\n - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38005)\n\n - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012)\n\n - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38008)\n\n - Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to\n leak cross-origin data via a crafted HTML page. (CVE-2021-38009)\n\n - Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote\n attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.\n (CVE-2021-38010)\n\n - Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed\n a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via\n a crafted HTML page. (CVE-2021-38013)\n\n - Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38014)\n\n - Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who\n convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome\n Extension. (CVE-2021-38015)\n\n - Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a\n remote attacker to bypass same origin policy via a crafted HTML page. (CVE-2021-38016)\n\n - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote\n attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017)\n\n - Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote\n attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-38018)\n\n - Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker\n to leak cross-origin data via a crafted HTML page. (CVE-2021-38019)\n\n - Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45\n allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2021-38020)\n\n - Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker\n to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38021)\n\n - Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38022)\n\n - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2021-42308)\n\n - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2021-43221)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?245dfb65\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43221\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 96.0.1054.29 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38017\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-38013\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\n\nvar extended = FALSE;\nif (app_info['Channel'] == 'extended') extended = TRUE;\n\nvar constraints;\nif (!extended) {\n\tconstraints = [\n \t\t{ 'fixed_version' : '96.0.1054.29' }\n\t];\n} else {\n\taudit(AUDIT_INST_VER_NOT_VULN, 'Microsoft Edge (Chromium)');\n};\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-24T14:17:27", "description": "The version of Google Chrome installed on the remote macOS host is prior to 97.0.4692.99. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_01_stable-channel-update-for-desktop_19 advisory.\n\n - Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0308)\n\n - Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0289)\n\n - Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-0290)\n\n - Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (CVE-2022-0291)\n\n - Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (CVE-2022-0292)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-19T00:00:00", "type": "nessus", "title": "Google Chrome < 97.0.4692.99 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0289", "CVE-2022-0290", "CVE-2022-0291", "CVE-2022-0292", "CVE-2022-0293", "CVE-2022-0294", "CVE-2022-0295", "CVE-2022-0296", "CVE-2022-0297", "CVE-2022-0298", "CVE-2022-0300", "CVE-2022-0301", "CVE-2022-0302", "CVE-2022-0304", "CVE-2022-0305", "CVE-2022-0306", "CVE-2022-0307", "CVE-2022-0308", "CVE-2022-0309", "CVE-2022-0310", "CVE-2022-0311"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_97_0_4692_99.NASL", "href": "https://www.tenable.com/plugins/nessus/156861", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156861);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2022-0289\",\n \"CVE-2022-0290\",\n \"CVE-2022-0291\",\n \"CVE-2022-0292\",\n \"CVE-2022-0293\",\n \"CVE-2022-0294\",\n \"CVE-2022-0295\",\n \"CVE-2022-0296\",\n \"CVE-2022-0297\",\n \"CVE-2022-0298\",\n \"CVE-2022-0300\",\n \"CVE-2022-0301\",\n \"CVE-2022-0302\",\n \"CVE-2022-0304\",\n \"CVE-2022-0305\",\n \"CVE-2022-0306\",\n \"CVE-2022-0307\",\n \"CVE-2022-0308\",\n \"CVE-2022-0309\",\n \"CVE-2022-0310\",\n \"CVE-2022-0311\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0042-S\");\n\n script_name(english:\"Google Chrome < 97.0.4692.99 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 97.0.4692.99. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2022_01_stable-channel-update-for-desktop_19 advisory.\n\n - Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote\n attacker who convinced a user to engage in specific user interaction to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2022-0308)\n\n - Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0289)\n\n - Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to\n potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-0290)\n\n - Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker\n who had compromised the renderer process to bypass site isolation via a crafted HTML page. (CVE-2022-0291)\n\n - Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote\n attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML\n page. (CVE-2022-0292)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d9140b07\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1284367\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1260007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1281084\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1270358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1283371\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1273017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1278180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1283375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1274316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1212957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1275438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1276331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1278613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1281979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1282118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1282354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1283198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1281881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1282480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1240472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1283805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1283807\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 97.0.4692.99 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0311\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0290\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'97.0.4692.99', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-20T15:06:43", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0019-1 advisory.\n\n - Use after free in Safe browsing. (CVE-2022-0289)\n\n - Use after free in Site isolation. (CVE-2022-0290)\n\n - Inappropriate implementation in Storage. (CVE-2022-0291)\n\n - Inappropriate implementation in Fenced Frames. (CVE-2022-0292)\n\n - Use after free in Web packaging. (CVE-2022-0293)\n\n - Inappropriate implementation in Push messaging. (CVE-2022-0294)\n\n - Use after free in Omnibox. (CVE-2022-0295, CVE-2022-0302)\n\n - Use after free in Printing. (CVE-2022-0296)\n\n - Use after free in Vulkan. (CVE-2022-0297)\n\n - Use after free in Scheduling. (CVE-2022-0298)\n\n - Use after free in Text Input Method Editor. (CVE-2022-0300)\n\n - Heap buffer overflow in DevTools. (CVE-2022-0301)\n\n - Race in GPU Watchdog. (CVE-2022-0303)\n\n - Use after free in Bookmarks. (CVE-2022-0304)\n\n - Inappropriate implementation in Service Worker API. (CVE-2022-0305)\n\n - Heap buffer overflow in PDFium. (CVE-2022-0306)\n\n - Use after free in Optimization Guide. (CVE-2022-0307)\n\n - Use after free in Data Transfer. (CVE-2022-0308)\n\n - Inappropriate implementation in Autofill. (CVE-2022-0309)\n\n - Heap buffer overflow in Task Manager. (CVE-2022-0310, CVE-2022-0311)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-26T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2022:0019-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0289", "CVE-2022-0290", "CVE-2022-0291", "CVE-2022-0292", "CVE-2022-0293", "CVE-2022-0294", "CVE-2022-0295", "CVE-2022-0296", "CVE-2022-0297", "CVE-2022-0298", "CVE-2022-0300", "CVE-2022-0301", "CVE-2022-0302", "CVE-2022-0303", "CVE-2022-0304", "CVE-2022-0305", "CVE-2022-0306", "CVE-2022-0307", "CVE-2022-0308", "CVE-2022-0309", "CVE-2022-0310", "CVE-2022-0311"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-0019-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157082", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0019-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157082);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2022-0289\",\n \"CVE-2022-0290\",\n \"CVE-2022-0291\",\n \"CVE-2022-0292\",\n \"CVE-2022-0293\",\n \"CVE-2022-0294\",\n \"CVE-2022-0295\",\n \"CVE-2022-0296\",\n \"CVE-2022-0297\",\n \"CVE-2022-0298\",\n \"CVE-2022-0300\",\n \"CVE-2022-0301\",\n \"CVE-2022-0302\",\n \"CVE-2022-0303\",\n \"CVE-2022-0304\",\n \"CVE-2022-0305\",\n \"CVE-2022-0306\",\n \"CVE-2022-0307\",\n \"CVE-2022-0308\",\n \"CVE-2022-0309\",\n \"CVE-2022-0310\",\n \"CVE-2022-0311\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0042-S\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2022:0019-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:0019-1 advisory.\n\n - Use after free in Safe browsing. (CVE-2022-0289)\n\n - Use after free in Site isolation. (CVE-2022-0290)\n\n - Inappropriate implementation in Storage. (CVE-2022-0291)\n\n - Inappropriate implementation in Fenced Frames. (CVE-2022-0292)\n\n - Use after free in Web packaging. (CVE-2022-0293)\n\n - Inappropriate implementation in Push messaging. (CVE-2022-0294)\n\n - Use after free in Omnibox. (CVE-2022-0295, CVE-2022-0302)\n\n - Use after free in Printing. (CVE-2022-0296)\n\n - Use after free in Vulkan. (CVE-2022-0297)\n\n - Use after free in Scheduling. (CVE-2022-0298)\n\n - Use after free in Text Input Method Editor. (CVE-2022-0300)\n\n - Heap buffer overflow in DevTools. (CVE-2022-0301)\n\n - Race in GPU Watchdog. (CVE-2022-0303)\n\n - Use after free in Bookmarks. (CVE-2022-0304)\n\n - Inappropriate implementation in Service Worker API. (CVE-2022-0305)\n\n - Heap buffer overflow in PDFium. (CVE-2022-0306)\n\n - Use after free in Optimization Guide. (CVE-2022-0307)\n\n - Use after free in Data Transfer. (CVE-2022-0308)\n\n - Inappropriate implementation in Autofill. (CVE-2022-0309)\n\n - Heap buffer overflow in Task Manager. (CVE-2022-0310, CVE-2022-0311)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194919\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WXZCTLOB2POU23DZG3IW6R4QQB3Q2FON/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e36686b2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0289\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0298\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0301\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0311\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0311\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0290\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-97.0.4692.99-bp153.2.57.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-97.0.4692.99-bp153.2.57.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-97.0.4692.99-bp153.2.57.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-97.0.4692.99-bp153.2.57.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:34:51", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1339-1 advisory.\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\n - : Inappropriate implementation in Blink graphics. (CVE-2021-37960)\n\n - Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37961)\n\n - Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37962)\n\n - Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. (CVE-2021-37963)\n\n - Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file. (CVE-2021-37964)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-37965, CVE-2021-37968)\n\n - Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37966)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (CVE-2021-37967)\n\n - Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. (CVE-2021-37969)\n\n - Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37970)\n\n - Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37971)\n\n - Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37972)\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37974)\n\n - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37975)\n\n - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-12T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1339-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973", "CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-1339.NASL", "href": "https://www.tenable.com/plugins/nessus/154006", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1339-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154006);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-37956\",\n \"CVE-2021-37957\",\n \"CVE-2021-37958\",\n \"CVE-2021-37959\",\n \"CVE-2021-37960\",\n \"CVE-2021-37961\",\n \"CVE-2021-37962\",\n \"CVE-2021-37963\",\n \"CVE-2021-37964\",\n \"CVE-2021-37965\",\n \"CVE-2021-37966\",\n \"CVE-2021-37967\",\n \"CVE-2021-37968\",\n \"CVE-2021-37969\",\n \"CVE-2021-37970\",\n \"CVE-2021-37971\",\n \"CVE-2021-37972\",\n \"CVE-2021-37973\",\n \"CVE-2021-37974\",\n \"CVE-2021-37975\",\n \"CVE-2021-37976\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1339-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1339-1 advisory.\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker\n who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a\n user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\n - : Inappropriate implementation in Blink graphics. (CVE-2021-37960)\n\n - Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37961)\n\n - Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who\n had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37962)\n\n - Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote\n attacker to bypass site isolation via a crafted HTML page. (CVE-2021-37963)\n\n - Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54\n allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation\n attack via a crafted ONC file. (CVE-2021-37964)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-37965, CVE-2021-37968)\n\n - Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a\n remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37966)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a\n remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML\n page. (CVE-2021-37967)\n\n - Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to perform local privilege escalation via a crafted file. (CVE-2021-37969)\n\n - Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37970)\n\n - Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker\n to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37971)\n\n - Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37972)\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37974)\n\n - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37975)\n\n - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to\n obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191204\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GDJ2M5H37726GXT3YZBJRSXV3JYGN7CL/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d6c232f4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37976\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37975\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-94.0.4606.71-bp153.2.31.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-94.0.4606.71-bp153.2.31.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-94.0.4606.71-bp153.2.31.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-94.0.4606.71-bp153.2.31.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-24T14:16:22", "description": "The version of Google Chrome installed on the remote Windows host is prior to 97.0.4692.99. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_01_stable-channel-update-for-desktop_19 advisory.\n\n - Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0308)\n\n - Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0289)\n\n - Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-0290)\n\n - Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (CVE-2022-0291)\n\n - Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (CVE-2022-0292)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-19T00:00:00", "type": "nessus", "title": "Google Chrome < 97.0.4692.99 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0289", "CVE-2022-0290", "CVE-2022-0291", "CVE-2022-0292", "CVE-2022-0293", "CVE-2022-0294", "CVE-2022-0295", "CVE-2022-0296", "CVE-2022-0297", "CVE-2022-0298", "CVE-2022-0300", "CVE-2022-0301", "CVE-2022-0302", "CVE-2022-0304", "CVE-2022-0305", "CVE-2022-0306", "CVE-2022-0307", "CVE-2022-0308", "CVE-2022-0309", "CVE-2022-0310", "CVE-2022-0311"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_97_0_4692_99.NASL", "href": "https://www.tenable.com/plugins/nessus/156862", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156862);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2022-0289\",\n \"CVE-2022-0290\",\n \"CVE-2022-0291\",\n \"CVE-2022-0292\",\n \"CVE-2022-0293\",\n \"CVE-2022-0294\",\n \"CVE-2022-0295\",\n \"CVE-2022-0296\",\n \"CVE-2022-0297\",\n \"CVE-2022-0298\",\n \"CVE-2022-0300\",\n \"CVE-2022-0301\",\n \"CVE-2022-0302\",\n \"CVE-2022-0304\",\n \"CVE-2022-0305\",\n \"CVE-2022-0306\",\n \"CVE-2022-0307\",\n \"CVE-2022-0308\",\n \"CVE-2022-0309\",\n \"CVE-2022-0310\",\n \"CVE-2022-0311\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0042-S\");\n\n script_name(english:\"Google Chrome < 97.0.4692.99 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 97.0.4692.99. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2022_01_stable-channel-update-for-desktop_19 advisory.\n\n - Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote\n attacker who convinced a user to engage in specific user interaction to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2022-0308)\n\n - Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0289)\n\n - Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to\n potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-0290)\n\n - Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker\n who had compromised the renderer process to bypass site isolation via a crafted HTML page. (CVE-2022-0291)\n\n - Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote\n attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML\n page. (CVE-2022-0292)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d9140b07\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1284367\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1260007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1281084\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1270358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1283371\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1273017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1278180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1283375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1274316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1212957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1275438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1276331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1278613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1281979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1282118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1282354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1283198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1281881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1282480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1240472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1283805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1283807\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 97.0.4692.99 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0311\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0290\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'97.0.4692.99', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:35:26", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1052.29. It is, therefore, affected by multiple vulnerabilities as referenced in the November 19, 2021 advisory.\n\n - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017)\n\n - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38005)\n\n - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012)\n\n - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-20T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 96.0.1052.29 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022", "CVE-2021-42308", "CVE-2021-43221"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_96_0_1052_29.NASL", "href": "https://www.tenable.com/plugins/nessus/155653", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155653);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2021-38005\",\n \"CVE-2021-38006\",\n \"CVE-2021-38007\",\n \"CVE-2021-38008\",\n \"CVE-2021-38009\",\n \"CVE-2021-38010\",\n \"CVE-2021-38011\",\n \"CVE-2021-38012\",\n \"CVE-2021-38013\",\n \"CVE-2021-38014\",\n \"CVE-2021-38015\",\n \"CVE-2021-38016\",\n \"CVE-2021-38017\",\n \"CVE-2021-38018\",\n \"CVE-2021-38019\",\n \"CVE-2021-38020\",\n \"CVE-2021-38021\",\n \"CVE-2021-38022\",\n \"CVE-2021-43221\"\n );\n\n script_name(english:\"Microsoft Edge (Chromium) < 96.0.1052.29 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1052.29. It is, therefore, affected\nby multiple vulnerabilities as referenced in the November 19, 2021 advisory.\n\n - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote\n attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017)\n\n - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38005)\n\n - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012)\n\n - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-38008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#november-19-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?95dce263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43221\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 96.0.1052.29 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38017\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-38013\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '96.0.1052.29' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-04T14:33:38", "description": "The version of Google Chrome installed on the remote macOS host is prior to 97.0.4692.71. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_01_stable-channel-update-for-desktop advisory.\n\n - Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0107)\n\n - Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0096)\n\n - Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page. (CVE-2022-0097)\n\n - Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures. (CVE-2022-0098)\n\n - Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture.\n (CVE-2022-0099)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-04T00:00:00", "type": "nessus", "title": "Google Chrome < 97.0.4692.71 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0096", "CVE-2022-0097", "CVE-2022-0098", "CVE-2022-0099", "CVE-2022-0100", "CVE-2022-0101", "CVE-2022-0102", "CVE-2022-0103", "CVE-2022-0104", "CVE-2022-0105", "CVE-2022-0106", "CVE-2022-0107", "CVE-2022-0108", "CVE-2022-0109", "CVE-2022-0110", "CVE-2022-0111", "CVE-2022-0112", "CVE-2022-0113", "CVE-2022-0114", "CVE-2022-0115", "CVE-2022-0116", "CVE-2022-0117", "CVE-2022-0118", "CVE-2022-0120", "CVE-2022-0337"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_97_0_4692_71.NASL", "href": "https://www.tenable.com/plugins/nessus/156461", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156461);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2022-0096\",\n \"CVE-2022-0097\",\n \"CVE-2022-0098\",\n \"CVE-2022-0099\",\n \"CVE-2022-0100\",\n \"CVE-2022-0101\",\n \"CVE-2022-0102\",\n \"CVE-2022-0103\",\n \"CVE-2022-0104\",\n \"CVE-2022-0105\",\n \"CVE-2022-0106\",\n \"CVE-2022-0107\",\n \"CVE-2022-0108\",\n \"CVE-2022-0109\",\n \"CVE-2022-0110\",\n \"CVE-2022-0111\",\n \"CVE-2022-0112\",\n \"CVE-2022-0113\",\n \"CVE-2022-0114\",\n \"CVE-2022-0115\",\n \"CVE-2022-0116\",\n \"CVE-2022-0117\",\n \"CVE-2022-0118\",\n \"CVE-2022-0120\",\n \"CVE-2022-0337\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0001-S\");\n\n script_name(english:\"Google Chrome < 97.0.4692.71 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 97.0.4692.71. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2022_01_stable-channel-update-for-desktop advisory.\n\n - Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker\n who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted\n HTML page. (CVE-2022-0107)\n\n - Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-0096)\n\n - Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who\n convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox\n via a crafted HTML page. (CVE-2022-0097)\n\n - Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker\n who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific\n user gestures. (CVE-2022-0098)\n\n - Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a\n user to perform specific user gestures to potentially exploit heap corruption via specific user gesture.\n (CVE-2022-0099)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5ffc44e4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1275020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1117173\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1273609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1245629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1238209\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1249426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1260129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1272266\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1273661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1274376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1278960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1248438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1248444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1261689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1237310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1241188\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1255713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1039885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1267627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1268903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1272250\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1115847\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1238631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1262953\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 97.0.4692.71 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0115\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0097\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'97.0.4692.71', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:59:16", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1350-1 advisory.\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\n - : Inappropriate implementation in Blink graphics. (CVE-2021-37960)\n\n - Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37961)\n\n - Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37962)\n\n - Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. (CVE-2021-37963)\n\n - Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file. (CVE-2021-37964)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-37965, CVE-2021-37968)\n\n - Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37966)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (CVE-2021-37967)\n\n - Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. (CVE-2021-37969)\n\n - Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37970)\n\n - Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37971)\n\n - Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37972)\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37974)\n\n - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37975)\n\n - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976)\n\n - : Use after free in Garbage Collection. (CVE-2021-37977)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. (CVE-2021-37978)\n\n - : Heap buffer overflow in WebRTC. (CVE-2021-37979)\n\n - : Inappropriate implementation in Sandbox. (CVE-2021-37980)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-13T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1350-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973", "CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37980"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1350.NASL", "href": "https://www.tenable.com/plugins/nessus/154079", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1350-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154079);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-37956\",\n \"CVE-2021-37957\",\n \"CVE-2021-37958\",\n \"CVE-2021-37959\",\n \"CVE-2021-37960\",\n \"CVE-2021-37961\",\n \"CVE-2021-37962\",\n \"CVE-2021-37963\",\n \"CVE-2021-37964\",\n \"CVE-2021-37965\",\n \"CVE-2021-37966\",\n \"CVE-2021-37967\",\n \"CVE-2021-37968\",\n \"CVE-2021-37969\",\n \"CVE-2021-37970\",\n \"CVE-2021-37971\",\n \"CVE-2021-37972\",\n \"CVE-2021-37973\",\n \"CVE-2021-37974\",\n \"CVE-2021-37975\",\n \"CVE-2021-37976\",\n \"CVE-2021-37977\",\n \"CVE-2021-37978\",\n \"CVE-2021-37979\",\n \"CVE-2021-37980\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0449-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0459-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1350-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1350-1 advisory.\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker\n who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a\n user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\n - : Inappropriate implementation in Blink graphics. (CVE-2021-37960)\n\n - Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37961)\n\n - Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who\n had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37962)\n\n - Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote\n attacker to bypass site isolation via a crafted HTML page. (CVE-2021-37963)\n\n - Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54\n allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation\n attack via a crafted ONC file. (CVE-2021-37964)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-37965, CVE-2021-37968)\n\n - Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a\n remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37966)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a\n remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML\n page. (CVE-2021-37967)\n\n - Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to perform local privilege escalation via a crafted file. (CVE-2021-37969)\n\n - Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37970)\n\n - Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker\n to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37971)\n\n - Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37972)\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37974)\n\n - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37975)\n\n - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to\n obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976)\n\n - : Use after free in Garbage Collection. (CVE-2021-37977)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this\n vulnerability. Please see Google Chrome Releases for more information. (CVE-2021-37978)\n\n - : Heap buffer overflow in WebRTC. (CVE-2021-37979)\n\n - : Inappropriate implementation in Sandbox. (CVE-2021-37980)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191463\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGCILKKE7TLKATFOFTDHZ573UHODPDOM/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ba7d1788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37980\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37979\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-94.0.4606.81-lp152.2.132.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-94.0.4606.81-lp152.2.132.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-04T14:33:38", "description": "The version of Google Chrome installed on the remote Windows host is prior to 97.0.4692.71. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_01_stable-channel-update-for-desktop advisory.\n\n - Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0107)\n\n - Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0096)\n\n - Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page. (CVE-2022-0097)\n\n - Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures. (CVE-2022-0098)\n\n - Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture.\n (CVE-2022-0099)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-04T00:00:00", "type": "nessus", "title": "Google Chrome < 97.0.4692.71 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0096", "CVE-2022-0097", "CVE-2022-0098", "CVE-2022-0099", "CVE-2022-0100", "CVE-2022-0101", "CVE-2022-0102", "CVE-2022-0103", "CVE-2022-0104", "CVE-2022-0105", "CVE-2022-0106", "CVE-2022-0107", "CVE-2022-0108", "CVE-2022-0109", "CVE-2022-0110", "CVE-2022-0111", "CVE-2022-0112", "CVE-2022-0113", "CVE-2022-0114", "CVE-2022-0115", "CVE-2022-0116", "CVE-2022-0117", "CVE-2022-0118", "CVE-2022-0120", "CVE-2022-0337"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_97_0_4692_71.NASL", "href": "https://www.tenable.com/plugins/nessus/156462", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156462);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2022-0096\",\n \"CVE-2022-0097\",\n \"CVE-2022-0098\",\n \"CVE-2022-0099\",\n \"CVE-2022-0100\",\n \"CVE-2022-0101\",\n \"CVE-2022-0102\",\n \"CVE-2022-0103\",\n \"CVE-2022-0104\",\n \"CVE-2022-0105\",\n \"CVE-2022-0106\",\n \"CVE-2022-0107\",\n \"CVE-2022-0108\",\n \"CVE-2022-0109\",\n \"CVE-2022-0110\",\n \"CVE-2022-0111\",\n \"CVE-2022-0112\",\n \"CVE-2022-0113\",\n \"CVE-2022-0114\",\n \"CVE-2022-0115\",\n \"CVE-2022-0116\",\n \"CVE-2022-0117\",\n \"CVE-2022-0118\",\n \"CVE-2022-0120\",\n \"CVE-2022-0337\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0001-S\");\n\n script_name(english:\"Google Chrome < 97.0.4692.71 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 97.0.4692.71. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2022_01_stable-channel-update-for-desktop advisory.\n\n - Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker\n who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted\n HTML page. (CVE-2022-0107)\n\n - Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-0096)\n\n - Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who\n convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox\n via a crafted HTML page. (CVE-2022-0097)\n\n - Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker\n who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific\n user gestures. (CVE-2022-0098)\n\n - Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a\n user to perform specific user gestures to potentially exploit heap corruption via specific user gesture.\n (CVE-2022-0099)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5ffc44e4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1275020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1117173\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1273609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1245629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1238209\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1249426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1260129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1272266\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1273661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1274376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1278960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1248438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1248444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1261689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1237310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1241188\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1255713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1039885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1267627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1268903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1272250\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1115847\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1238631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1262953\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 97.0.4692.71 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0115\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0097\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'97.0.4692.71', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-04T14:33:36", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0014-1 advisory.\n\n - Use after free in Storage. (CVE-2022-0096)\n\n - Inappropriate implementation in DevTools. (CVE-2022-0097)\n\n - Use after free in Screen Capture. (CVE-2022-0098)\n\n - Use after free in Sign-in. (CVE-2022-0099)\n\n - Heap buffer overflow in Media streams API. (CVE-2022-0100)\n\n - Heap buffer overflow in Bookmarks. (CVE-2022-0101)\n\n - Type Confusion in V8 . (CVE-2022-0102)\n\n - Use after free in SwiftShader. (CVE-2022-0103)\n\n - Heap buffer overflow in ANGLE. (CVE-2022-0104)\n\n - Use after free in PDF. (CVE-2022-0105)\n\n - Use after free in Autofill. (CVE-2022-0106)\n\n - Use after free in File Manager API. (CVE-2022-0107)\n\n - Inappropriate implementation in Navigation. (CVE-2022-0108, CVE-2022-0111)\n\n - Inappropriate implementation in Autofill. (CVE-2022-0109)\n\n - Incorrect security UI in Autofill. (CVE-2022-0110)\n\n - Incorrect security UI in Browser UI. (CVE-2022-0112)\n\n - Inappropriate implementation in Blink. (CVE-2022-0113)\n\n - Out of bounds memory access in Web Serial. (CVE-2022-0114)\n\n - Uninitialized Use in File API. (CVE-2022-0115)\n\n - Inappropriate implementation in Compositing. (CVE-2022-0116)\n\n - Policy bypass in Service Workers. (CVE-2022-0117)\n\n - Inappropriate implementation in WebShare. (CVE-2022-0118)\n\n - Inappropriate implementation in Passwords. (CVE-2022-0120)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-18T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2022:0014-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0096", "CVE-2022-0097", "CVE-2022-0098", "CVE-2022-0099", "CVE-2022-0100", "CVE-2022-0101", "CVE-2022-0102", "CVE-2022-0103", "CVE-2022-0104", "CVE-2022-0105", "CVE-2022-0106", "CVE-2022-0107", "CVE-2022-0108", "CVE-2022-0109", "CVE-2022-0110", "CVE-2022-0111", "CVE-2022-0112", "CVE-2022-0113", "CVE-2022-0114", "CVE-2022-0115", "CVE-2022-0116", "CVE-2022-0117", "CVE-2022-0118", "CVE-2022-0120"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-0014-1.NASL", "href": "https://www.tenable.com/plugins/nessus/156781", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0014-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156781);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2022-0096\",\n \"CVE-2022-0097\",\n \"CVE-2022-0098\",\n \"CVE-2022-0099\",\n \"CVE-2022-0100\",\n \"CVE-2022-0101\",\n \"CVE-2022-0102\",\n \"CVE-2022-0103\",\n \"CVE-2022-0104\",\n \"CVE-2022-0105\",\n \"CVE-2022-0106\",\n \"CVE-2022-0107\",\n \"CVE-2022-0108\",\n \"CVE-2022-0109\",\n \"CVE-2022-0110\",\n \"CVE-2022-0111\",\n \"CVE-2022-0112\",\n \"CVE-2022-0113\",\n \"CVE-2022-0114\",\n \"CVE-2022-0115\",\n \"CVE-2022-0116\",\n \"CVE-2022-0117\",\n \"CVE-2022-0118\",\n \"CVE-2022-0120\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2022:0014-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:0014-1 advisory.\n\n - Use after free in Storage. (CVE-2022-0096)\n\n - Inappropriate implementation in DevTools. (CVE-2022-0097)\n\n - Use after free in Screen Capture. (CVE-2022-0098)\n\n - Use after free in Sign-in. (CVE-2022-0099)\n\n - Heap buffer overflow in Media streams API. (CVE-2022-0100)\n\n - Heap buffer overflow in Bookmarks. (CVE-2022-0101)\n\n - Type Confusion in V8 . (CVE-2022-0102)\n\n - Use after free in SwiftShader. (CVE-2022-0103)\n\n - Heap buffer overflow in ANGLE. (CVE-2022-0104)\n\n - Use after free in PDF. (CVE-2022-0105)\n\n - Use after free in Autofill. (CVE-2022-0106)\n\n - Use after free in File Manager API. (CVE-2022-0107)\n\n - Inappropriate implementation in Navigation. (CVE-2022-0108, CVE-2022-0111)\n\n - Inappropriate implementation in Autofill. (CVE-2022-0109)\n\n - Incorrect security UI in Autofill. (CVE-2022-0110)\n\n - Incorrect security UI in Browser UI. (CVE-2022-0112)\n\n - Inappropriate implementation in Blink. (CVE-2022-0113)\n\n - Out of bounds memory access in Web Serial. (CVE-2022-0114)\n\n - Uninitialized Use in File API. (CVE-2022-0115)\n\n - Inappropriate implementation in Compositing. (CVE-2022-0116)\n\n - Policy bypass in Service Workers. (CVE-2022-0117)\n\n - Inappropriate implementation in WebShare. (CVE-2022-0118)\n\n - Inappropriate implementation in Passwords. (CVE-2022-0120)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194331\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XW7HD7EA7DNOWMGKDOA6BCE6FBFET4WB/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?34e4adbe\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0101\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0102\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0103\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0106\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0110\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0116\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0120\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0115\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0097\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-97.0.4692.71-bp153.2.54.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-97.0.4692.71-bp153.2.54.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-97.0.4692.71-bp153.2.54.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-97.0.4692.71-bp153.2.54.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-04T14:33:37", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9eeccbf3-6e26-11ec-bb10-3065ec8fd3ec advisory.\n\n - Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0107)\n\n - Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0096)\n\n - Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page. (CVE-2022-0097)\n\n - Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures. (CVE-2022-0098)\n\n - Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture.\n (CVE-2022-0099)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-05T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (9eeccbf3-6e26-11ec-bb10-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0096", "CVE-2022-0097", "CVE-2022-0098", "CVE-2022-0099", "CVE-2022-0100", "CVE-2022-0101", "CVE-2022-0102", "CVE-2022-0103", "CVE-2022-0104", "CVE-2022-0105", "CVE-2022-0106", "CVE-2022-0107", "CVE-2022-0108", "CVE-2022-0109", "CVE-2022-0110", "CVE-2022-0111", "CVE-2022-0112", "CVE-2022-0113", "CVE-2022-0114", "CVE-2022-0115", "CVE-2022-0116", "CVE-2022-0117", "CVE-2022-0118", "CVE-2022-0120"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_9EECCBF36E2611ECBB103065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/156469", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156469);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2022-0096\",\n \"CVE-2022-0097\",\n \"CVE-2022-0098\",\n \"CVE-2022-0099\",\n \"CVE-2022-0100\",\n \"CVE-2022-0101\",\n \"CVE-2022-0102\",\n \"CVE-2022-0103\",\n \"CVE-2022-0104\",\n \"CVE-2022-0105\",\n \"CVE-2022-0106\",\n \"CVE-2022-0107\",\n \"CVE-2022-0108\",\n \"CVE-2022-0109\",\n \"CVE-2022-0110\",\n \"CVE-2022-0111\",\n \"CVE-2022-0112\",\n \"CVE-2022-0113\",\n \"CVE-2022-0114\",\n \"CVE-2022-0115\",\n \"CVE-2022-0116\",\n \"CVE-2022-0117\",\n \"CVE-2022-0118\",\n \"CVE-2022-0120\"\n );\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (9eeccbf3-6e26-11ec-bb10-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the 9eeccbf3-6e26-11ec-bb10-3065ec8fd3ec advisory.\n\n - Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker\n who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted\n HTML page. (CVE-2022-0107)\n\n - Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-0096)\n\n - Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who\n convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox\n via a crafted HTML page. (CVE-2022-0097)\n\n - Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker\n who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific\n user gestures. (CVE-2022-0098)\n\n - Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a\n user to perform specific user gestures to potentially exploit heap corruption via specific user gesture.\n (CVE-2022-0099)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5ffc44e4\");\n # https://vuxml.freebsd.org/freebsd/9eeccbf3-6e26-11ec-bb10-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0c16445c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0115\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0097\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'chromium<97.0.4692.71'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-17T14:44:01", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 97.0.1072.69. It is, therefore, affected by multiple vulnerabilities as referenced in the January 20, 2022 advisory.\n\n - Microsoft Edge for Android Spoofing Vulnerability. (CVE-2022-23258)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-20T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 97.0.1072.69 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0289", "CVE-2022-0290", "CVE-2022-0291", "CVE-2022-0292", "CVE-2022-0293", "CVE-2022-0294", "CVE-2022-0295", "CVE-2022-0296", "CVE-2022-0297", "CVE-2022-0298", "CVE-2022-0300", "CVE-2022-0301", "CVE-2022-0302", "CVE-2022-0303", "CVE-2022-0304", "CVE-2022-0305", "CVE-2022-0306", "CVE-2022-0307", "CVE-2022-0308", "CVE-2022-0309", "CVE-2022-0310", "CVE-2022-0311", "CVE-2022-23258"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_97_0_1072_69.NASL", "href": "https://www.tenable.com/plugins/nessus/156916", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156916);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\"CVE-2022-23258\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 97.0.1072.69 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 97.0.1072.69. It is, therefore, affected\nby multiple vulnerabilities as referenced in the January 20, 2022 advisory.\n\n - Microsoft Edge for Android Spoofing Vulnerability. (CVE-2022-23258)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#january-20-2022\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4c365598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0289\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0298\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0301\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0311\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 97.0.1072.69 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23258\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '97.0.1072.69' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:35:35", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 93.0.961.38. It is, therefore, affected by multiple vulnerabilities as referenced in the September 2, 2021 advisory.\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36930. (CVE-2021-26436)\n\n - Microsoft Edge for Android Information Disclosure Vulnerability (CVE-2021-26439)\n\n - Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\n - Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611)\n\n - Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612)\n\n - Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613)\n\n - Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614)\n\n - Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615)\n\n - Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616)\n\n - Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617)\n\n - Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618)\n\n - Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619)\n\n - Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620)\n\n - Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621)\n\n - Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622)\n\n - Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623)\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26436. (CVE-2021-36930)\n\n - Microsoft Edge for Android Spoofing Vulnerability (CVE-2021-38641)\n\n - Microsoft Edge for iOS Spoofing Vulnerability (CVE-2021-38642)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-18T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 93.0.961.38 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26436", "CVE-2021-26439", "CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624", "CVE-2021-36930", "CVE-2021-38641", "CVE-2021-38642"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_93_0_961_38.NASL", "href": "https://www.tenable.com/plugins/nessus/155601", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155601);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2021-26436\",\n \"CVE-2021-26439\",\n \"CVE-2021-30606\",\n \"CVE-2021-30607\",\n \"CVE-2021-30608\",\n \"CVE-2021-30609\",\n \"CVE-2021-30610\",\n \"CVE-2021-30611\",\n \"CVE-2021-30612\",\n \"CVE-2021-30613\",\n \"CVE-2021-30614\",\n \"CVE-2021-30615\",\n \"CVE-2021-30616\",\n \"CVE-2021-30617\",\n \"CVE-2021-30618\",\n \"CVE-2021-30619\",\n \"CVE-2021-30620\",\n \"CVE-2021-30621\",\n \"CVE-2021-30622\",\n \"CVE-2021-30623\",\n \"CVE-2021-30624\",\n \"CVE-2021-36930\",\n \"CVE-2021-38641\",\n \"CVE-2021-38642\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0401-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0432-S\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 93.0.961.38 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 93.0.961.38. It is, therefore, affected\nby multiple vulnerabilities as referenced in the September 2, 2021 advisory.\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from\n CVE-2021-36930. (CVE-2021-26436)\n\n - Microsoft Edge for Android Information Disclosure Vulnerability (CVE-2021-26439)\n\n - Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606)\n\n - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)\n\n - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)\n\n - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)\n\n - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)\n\n - Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611)\n\n - Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612)\n\n - Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613)\n\n - Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614)\n\n - Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615)\n\n - Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616)\n\n - Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617)\n\n - Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618)\n\n - Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619)\n\n - Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620)\n\n - Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621)\n\n - Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622)\n\n - Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623)\n\n - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from\n CVE-2021-26436. (CVE-2021-36930)\n\n - Microsoft Edge for Android Spoofing Vulnerability (CVE-2021-38641)\n\n - Microsoft Edge for iOS Spoofing Vulnerability (CVE-2021-38642)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#september-2-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eab98635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30618\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38642\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 93.0.961.38 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36930\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-30624\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '93.0.961.38' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:32", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected by multiple vulnerabilities as referenced in the September 24, 2021 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-24T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972", "CVE-2021-37973"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_94_0_992_31.NASL", "href": "https://www.tenable.com/plugins/nessus/153666", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153666);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-37956\",\n \"CVE-2021-37957\",\n \"CVE-2021-37958\",\n \"CVE-2021-37959\",\n \"CVE-2021-37960\",\n \"CVE-2021-37961\",\n \"CVE-2021-37962\",\n \"CVE-2021-37963\",\n \"CVE-2021-37964\",\n \"CVE-2021-37965\",\n \"CVE-2021-37966\",\n \"CVE-2021-37967\",\n \"CVE-2021-37968\",\n \"CVE-2021-37969\",\n \"CVE-2021-37970\",\n \"CVE-2021-37971\",\n \"CVE-2021-37972\",\n \"CVE-2021-37973\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0448-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected\nby multiple vulnerabilities as referenced in the September 24, 2021 advisory.\n\n - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2021-37973)\n\n - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker\n who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37956)\n\n - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-37957)\n\n - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a\n remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)\n\n - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a\n user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-37959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#september-24-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6dbcb9b7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 94.0.992.31 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '94.0.992.31' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:40", "description": "Chrome Releases reports :\n\nThis release contains 9 security fixes, including :\n\n- [1234764] High CVE-2021-30598: Type Confusion in V8. Reported by Manfred Paul on 2021-07-30\n\n- [1234770] High CVE-2021-30599: Type Confusion in V8. Reported by Manfred Paul on 2021-07-30\n\n- [1231134] High CVE-2021-30600: Use after free in Printing. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-20\n\n- [1234009] High CVE-2021-30601: Use after free in Extensions API.\nReported by koocola(@alo_cook) and Nan Wang(@eternalsakura13) of 360 Alpha Lab on 2021-07-28\n\n- [1230767] High CVE-2021-30602: Use after free in WebRTC. Reported by Marcin Towalski of Cisco Talos on 2021-07-19\n\n- [1233564] High CVE-2021-30603: Race in WebAudio. Reported by Sergei Glazunov of Google Project Zero on 2021-07-27\n\n- [1234829] High CVE-2021-30604: Use after free in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-07-30", "cvss3": {}, "published": "2021-08-18T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (128deba6-ff56-11eb-8514-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30600", "CVE-2021-30601", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604"], "modified": "2021-09-27T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_128DEBA6FF5611EB85143065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/152657", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(152657);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/27\");\n\n script_cve_id(\"CVE-2021-30598\", \"CVE-2021-30599\", \"CVE-2021-30600\", \"CVE-2021-30601\", \"CVE-2021-30602\", \"CVE-2021-30603\", \"CVE-2021-30604\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (128deba6-ff56-11eb-8514-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\nThis release contains 9 security fixes, including :\n\n- [1234764] High CVE-2021-30598: Type Confusion in V8. Reported by\nManfred Paul on 2021-07-30\n\n- [1234770] High CVE-2021-30599: Type Confusion in V8. Reported by\nManfred Paul on 2021-07-30\n\n- [1231134] High CVE-2021-30600: Use after free in Printing. Reported\nby Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-20\n\n- [1234009] High CVE-2021-30601: Use after free in Extensions API.\nReported by koocola(@alo_cook) and Nan Wang(@eternalsakura13) of 360\nAlpha Lab on 2021-07-28\n\n- [1230767] High CVE-2021-30602: Use after free in WebRTC. Reported by\nMarcin Towalski of Cisco Talos on 2021-07-19\n\n- [1233564] High CVE-2021-30603: Race in WebAudio. Reported by Sergei\nGlazunov of Google Project Zero on 2021-07-27\n\n- [1234829] High CVE-2021-30604: Use after free in ANGLE. Reported by\nSeong-Hwan Park (SeHwa) of SecunologyLab on 2021-07-30\"\n );\n # https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9c3354a6\"\n );\n # https://vuxml.freebsd.org/freebsd/128deba6-ff56-11eb-8514-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?549d7414\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30604\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<92.0.4515.159\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:51", "description": "The version of Google Chrome installed on the remote Windows host is prior to 92.0.4515.159. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_08_stable-channel-update-for-desktop advisory.\n\n - Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30604)\n\n - Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30600)\n\n - Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30601)\n\n - Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30602)\n\n - Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30603)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-16T00:00:00", "type": "nessus", "title": "Google Chrome < 92.0.4515.159 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30600", "CVE-2021-30601", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_92_0_4515_159.NASL", "href": "https://www.tenable.com/plugins/nessus/152609", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152609);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2021-30598\",\n \"CVE-2021-30599\",\n \"CVE-2021-30600\",\n \"CVE-2021-30601\",\n \"CVE-2021-30602\",\n \"CVE-2021-30603\",\n \"CVE-2021-30604\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0385-S\");\n\n script_name(english:\"Google Chrome < 92.0.4515.159 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 92.0.4515.159. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_08_stable-channel-update-for-desktop advisory.\n\n - Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30604)\n\n - Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30600)\n\n - Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced\n a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30601)\n\n - Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user\n to visit a malicious website to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30602)\n\n - Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30603)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9c3354a6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1234764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1234770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1231134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1234009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1230767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1233564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1234829\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 92.0.4515.159 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30604\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'92.0.4515.159', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:27", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 92.0.902.67. It is, therefore, affected by multiple vulnerabilities as referenced in the August 5, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-05T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 92.0.902.67 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597"], "modified": "2021-08-30T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_92_0_902_67.NASL", "href": "https://www.tenable.com/plugins/nessus/152232", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152232);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/30\");\n\n script_cve_id(\n \"CVE-2021-30590\",\n \"CVE-2021-30591\",\n \"CVE-2021-30592\",\n \"CVE-2021-30593\",\n \"CVE-2021-30594\",\n \"CVE-2021-30596\",\n \"CVE-2021-30597\"\n );\n\n script_name(english:\"Microsoft Edge (Chromium) < 92.0.902.67 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 92.0.902.67. It is, therefore, affected\nby multiple vulnerabilities as referenced in the August 5, 2021 advisory. Note that Nessus has not tested for this issue\nbut has instead relied only on the application's self-reported version number.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#august-5-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c2b02534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30597\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 92.0.902.67 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30592\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '92.0.902.67' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-05T14:58:40", "description": "Chrome Releases reports :\n\nThis update contains 19 security fixes, including :\n\n- [1243117] High CVE-2021-37956: Use after free in Offline use.\nReported by Huyna at Viettel Cyber Security on 2021-08-24\n\n- [1242269] High CVE-2021-37957: Use after free in WebGPU. Reported by Looben Yang on 2021-08-23\n\n- [1223290] High CVE-2021-37958: Inappropriate implementation in Navigation. Reported by James Lee (@Windowsrcer) on 2021-06-24\n\n- [1229625] High CVE-2021-37959: Use after free in Task Manager.\nReported by raven (@raid_akame) on 2021-07-15\n\n- [1247196] High CVE-2021-37960: Inappropriate implementation in Blink graphics. Reported by Atte Kettunen of OUSPG on 2021-09-07\n\n- [1228557] Medium CVE-2021-37961: Use after free in Tab Strip.\nReported by Khalil Zhani on 2021-07-13\n\n- [1231933] Medium CVE-2021-37962: Use after free in Performance Manager. Reported by Sri on 2021-07-22\n\n- [1199865] Medium CVE-2021-37963: Side-channel information leakage in DevTools. Reported by Daniel Genkin and Ayush Agarwal, University of Michigan, Eyal Ronen and Shaked Yehezkel, Tel Aviv University, Sioli O'Connell, University of Adelaide, and Jason Kim, Georgia Institute of Technology on 2021-04-16\n\n- [1203612] Medium CVE-2021-37964: Inappropriate implementation in ChromeOS Networking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2021-04-28\n\n- [1239709] Medium CVE-2021-37965: Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer on 2021-08-13\n\n- [1238944] Medium CVE-2021-37966: Inappropriate implementation in Compositing. Reported by Mohit Raj (shadow2639) on 2021-08-11\n\n- [1243622] Medium CVE-2021-37967: Inappropriate implementation in Background Fetch API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-26\n\n- [1245053] Medium CVE-2021-37968: Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer on 2021-08-30\n\n- [1245879] Medium CVE-2021-37969: Inappropriate implementation in Google Updater. Reported by Abdelhamid Naceri (halov) on 2021-09-02\n\n- [1248030] Medium CVE-2021-37970: Use after free in File System API.\nReported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-09-09\n\n- [1219354] Low CVE-2021-37971: Incorrect security UI in Web Browser UI. Reported by Rayyan Bijoora on 2021-06-13\n\n- [1234259] Low CVE-2021-37972: Out of bounds read in libjpeg-turbo.\nReported by Xu Hanyu and Lu Yutao from Panguite-Forensics-Lab of Qianxin on 2021-07-29", "cvss3": {}, "published": "2021-10-01T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (3551e106-1b17-11ec-a8a7-704d7b472482)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972"], "modified": "2021-10-14T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_3551E1061B1711ECA8A7704D7B472482.NASL", "href": "https://www.tenable.com/plugins/nessus/153826", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(153826);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/14\");\n\n script_cve_id(\"CVE-2021-37956\", \"CVE-2021-37957\", \"CVE-2021-37958\", \"CVE-2021-37959\", \"CVE-2021-37960\", \"CVE-2021-37961\", \"CVE-2021-37962\", \"CVE-2021-37963\", \"CVE-2021-37964\", \"CVE-2021-37965\", \"CVE-2021-37966\", \"CVE-2021-37967\", \"CVE-2021-37968\", \"CVE-2021-37969\", \"CVE-2021-37970\", \"CVE-2021-37971\", \"CVE-2021-37972\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (3551e106-1b17-11ec-a8a7-704d7b472482)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\nThis update contains 19 security fixes, including :\n\n- [1243117] High CVE-2021-37956: Use after free in Offline use.\nReported by Huyna at Viettel Cyber Security on 2021-08-24\n\n- [1242269] High CVE-2021-37957: Use after free in WebGPU. Reported by\nLooben Yang on 2021-08-23\n\n- [1223290] High CVE-2021-37958: Inappropriate implementation in\nNavigation. Reported by James Lee (@Windowsrcer) on 2021-06-24\n\n- [1229625] High CVE-2021-37959: Use after free in Task Manager.\nReported by raven (@raid_akame) on 2021-07-15\n\n- [1247196] High CVE-2021-37960: Inappropriate implementation in Blink\ngraphics. Reported by Atte Kettunen of OUSPG on 2021-09-07\n\n- [1228557] Medium CVE-2021-37961: Use after free in Tab Strip.\nReported by Khalil Zhani on 2021-07-13\n\n- [1231933] Medium CVE-2021-37962: Use after free in Performance\nManager. Reported by Sri on 2021-07-22\n\n- [1199865] Medium CVE-2021-37963: Side-channel information leakage in\nDevTools. Reported by Daniel Genkin and Ayush Agarwal, University of\nMichigan, Eyal Ronen and Shaked Yehezkel, Tel Aviv University, Sioli\nO'Connell, University of Adelaide, and Jason Kim, Georgia Institute of\nTechnology on 2021-04-16\n\n- [1203612] Medium CVE-2021-37964: Inappropriate implementation in\nChromeOS Networking. Reported by Hugo Hue and Sze Yiu Chau of the\nChinese University of Hong Kong on 2021-04-28\n\n- [1239709] Medium CVE-2021-37965: Inappropriate implementation in\nBackground Fetch API. Reported by Maurice Dauer on 2021-08-13\n\n- [1238944] Medium CVE-2021-37966: Inappropriate implementation in\nCompositing. Reported by Mohit Raj (shadow2639) on 2021-08-11\n\n- [1243622] Medium CVE-2021-37967: Inappropriate implementation in\nBackground Fetch API. Reported by SorryMybad (@S0rryMybad) of Kunlun\nLab on 2021-08-26\n\n- [1245053] Medium CVE-2021-37968: Inappropriate implementation in\nBackground Fetch API. Reported by Maurice Dauer on 2021-08-30\n\n- [1245879] Medium CVE-2021-37969: Inappropriate implementation in\nGoogle Updater. Reported by Abdelhamid Naceri (halov) on 2021-09-02\n\n- [1248030] Medium CVE-2021-37970: Use after free in File System API.\nReported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-09-09\n\n- [1219354] Low CVE-2021-37971: Incorrect security UI in Web Browser\nUI. Reported by Rayyan Bijoora on 2021-06-13\n\n- [1234259] Low CVE-2021-37972: Out of bounds read in libjpeg-turbo.\nReported by Xu Hanyu and Lu Yutao from Panguite-Forensics-Lab of\nQianxin on 2021-07-29\"\n );\n # https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9293f232\"\n );\n # https://vuxml.freebsd.org/freebsd/3551e106-1b17-11ec-a8a7-704d7b472482.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0f54a11b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37957\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<94.0.4606.54\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-04T14:32:57", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 95.0.1020.40. It is, therefore, affected by multiple vulnerabilities as referenced in the October 29, 2021 advisory.\n\n - Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38003)\n\n - Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37997)\n\n - Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37998)\n\n - Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.\n (CVE-2021-37999)\n\n - Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.\n (CVE-2021-38000)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-29T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 95.0.1020.40 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-37997", "CVE-2021-37998", "CVE-2021-37999", "CVE-2021-38000", "CVE-2021-38001", "CVE-2021-38002", "CVE-2021-38003"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_95_0_1020_40.NASL", "href": "https://www.tenable.com/plugins/nessus/154738", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154738);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-37997\",\n \"CVE-2021-37998\",\n \"CVE-2021-37999\",\n \"CVE-2021-38000\",\n \"CVE-2021-38001\",\n \"CVE-2021-38002\",\n \"CVE-2021-38003\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0522-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 95.0.1020.40 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 95.0.1020.40. It is, therefore, affected\nby multiple vulnerabilities as referenced in the October 29, 2021 advisory.\n\n - Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38003)\n\n - Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a\n user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37997)\n\n - Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37998)\n\n - Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote\n attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.\n (CVE-2021-37999)\n\n - Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69\n allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.\n (CVE-2021-38000)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#october-29-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dd5c7f7f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37997\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38003\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 95.0.1020.40 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38003\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-38002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '95.0.1020.40' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:11", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1172-1 advisory.\n\n - Type Confusion in V8. (CVE-2021-30598, CVE-2021-30599)\n\n - Use after free in Printing. (CVE-2021-30600)\n\n - Use after free in Extensions API. (CVE-2021-30601)\n\n - Use after free in WebRTC. (CVE-2021-30602)\n\n - Race in WebAudio. (CVE-2021-30603)\n\n - Use after free in ANGLE. (CVE-2021-30604)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-21T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1172-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30600", "CVE-2021-30601", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604"], "modified": "2022-01-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1172.NASL", "href": "https://www.tenable.com/plugins/nessus/152731", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1172-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152731);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/20\");\n\n script_cve_id(\n \"CVE-2021-30598\",\n \"CVE-2021-30599\",\n \"CVE-2021-30600\",\n \"CVE-2021-30601\",\n \"CVE-2021-30602\",\n \"CVE-2021-30603\",\n \"CVE-2021-30604\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1172-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1172-1 advisory.\n\n - Type Confusion in V8. (CVE-2021-30598, CVE-2021-30599)\n\n - Use after free in Printing. (CVE-2021-30600)\n\n - Use after free in Extensions API. (CVE-2021-30601)\n\n - Use after free in WebRTC. (CVE-2021-30602)\n\n - Race in WebAudio. (CVE-2021-30603)\n\n - Use after free in ANGLE. (CVE-2021-30604)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189490\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/A6WKS2BLZ2TY63ZSCC2NAODDOSDSPKTN/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?524b2b2d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30604\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30604\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-92.0.4515.159-lp152.2.122.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-92.0.4515.159-lp152.2.122.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:42", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1180-1 advisory.\n\n - Type Confusion in V8. (CVE-2021-30598, CVE-2021-30599)\n\n - Use after free in Printing. (CVE-2021-30600)\n\n - Use after free in Extensions API. (CVE-2021-30601)\n\n - Use after free in WebRTC. (CVE-2021-30602)\n\n - Race in WebAudio. (CVE-2021-30603)\n\n - Use after free in ANGLE. (CVE-2021-30604)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-24T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1180-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30600", "CVE-2021-30601", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604"], "modified": "2022-01-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-1180.NASL", "href": "https://www.tenable.com/plugins/nessus/152770", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1180-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152770);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/20\");\n\n script_cve_id(\n \"CVE-2021-30598\",\n \"CVE-2021-30599\",\n \"CVE-2021-30600\",\n \"CVE-2021-30601\",\n \"CVE-2021-30602\",\n \"CVE-2021-30603\",\n \"CVE-2021-30604\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1180-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1180-1 advisory.\n\n - Type Confusion in V8. (CVE-2021-30598, CVE-2021-30599)\n\n - Use after free in Printing. (CVE-2021-30600)\n\n - Use after free in Extensions API. (CVE-2021-30601)\n\n - Use after free in WebRTC. (CVE-2021-30602)\n\n - Race in WebAudio. (CVE-2021-30603)\n\n - Use after free in ANGLE. (CVE-2021-30604)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189490\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PLKBL5CUVIWVYXUEMSQDAWNVPLFIWUZE/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3c679856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30603\");\n script_set_attribute(attribute:\"see_also\", value:\"htt

Chromium, Google Chrome: Multiple vulnerabilities

Description

Affected Package

Related