Chromium: CVE-2021-21224 Type Confusion in V8

2021-04-22T20:16:16

Description

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information. This vulnerability was addressed in Microsoft Edge (Chromium-based) in build 90.0.818.41 which was released April 16, 2021.

{"id": "MS:CVE-2021-21224", "vendorId": null, "type": "mscve", "bulletinFamily": "microsoft", "title": "Chromium: CVE-2021-21224 Type Confusion in V8", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n\nThis vulnerability was addressed in Microsoft Edge (Chromium-based) in build 90.0.818.41 which was released April 16, 2021.\n", "published": "2021-04-22T20:16:16", "modified": "2021-04-22T20:16:16", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21224", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2021-21224"], "immutableFields": [], "lastseen": "2023-03-17T02:34:19", "viewCount": 290, "enchantments": {"backreferences": {"references": [{"idList": ["GENTOO_GLSA-202104-08.NASL", "MICROSOFT_EDGE_CHROMIUM_90_0_818_46.NASL", "FREEBSD_PKG_CB13A765A27711EB97A0E09467587C17.NASL", "DEBIAN_DSA-4906.NASL", "MACOSX_GOOGLE_CHROME_90_0_4430_85.NASL", "GOOGLE_CHROME_90_0_4430_85.NASL"], "type": "nessus"}, {"idList": ["AKB:21C170FF-C7C6-4BFB-8AED-613970EDA44C", "AKB:160D34D9-2175-4B27-87F8-0CED51121F50"], "type": "attackerkb"}, {"idList": ["DEBIAN:DSA-4906-1:4BE22"], "type": "debian"}, {"idList": ["CISA:574A6E25827684C587359C37EF1D5132"], "type": "cisa"}, {"idList": ["GLSA-202104-08"], "type": "gentoo"}, {"idList": ["DEBIANCVE:CVE-2021-21224"], "type": "debiancve"}, {"idList": ["CAE25BF5-2DB9-5000-8FF9-CC2EAA626ECE"], "type": "githubexploit"}, {"idList": ["KLA12147", "KLA12153"], "type": "kaspersky"}, {"idList": ["MALWAREBYTES:390E663F11CA04293C83488A40CB3A8A"], "type": "malwarebytes"}, {"idList": ["CVE-2021-21224"], "type": "cve"}, {"idList": ["SECURELIST:8E9198BF0E389572981DD1AA05D0708A"], "type": "securelist"}, {"idList": ["CPAI-2021-0952"], "type": "checkpoint_advisories"}, {"idList": ["UB:CVE-2021-21224"], "type": "ubuntucve"}, {"idList": ["ASA-202104-5", "ASA-202104-7"], "type": "archlinux"}, {"idList": ["QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A"], "type": "qualysblog"}, {"idList": ["THREATPOST:88DD5812D3C8652E304F32507E4F68DD", "THREATPOST:A2FE619CD27EBEC2F6B0C62ED026F02C", "THREATPOST:61CC1EAC83030C2B053946454FE77AC3", "THREATPOST:2C2827FBF9D900F4194802CE8C471B4C"], "type": "threatpost"}, {"idList": ["CB13A765-A277-11EB-97A0-E09467587C17"], "type": "freebsd"}, {"idList": ["THN:1A836FDDE57334BC4DAFA65E6DFA02E4", "THN:4CC79A3CEFEDEB0DC9CF87C5B9035209", "THN:7D7C05739ECD847B8CDEEAF930C51BF8", "THN:C736174C6B0ADC38AA88BC58F30271DA", "THN:FF8DAEC0AE0DDAE827D57407C51BE992", "THN:1DDE95EA33D4D9F304973569FC787451"], "type": "thn"}, {"idList": ["OPENSUSE-SU-2021:0629-1", "OPENSUSE-SU-2021:0712-1"], "type": "suse"}, {"idList": ["GCSA-1247606144415232205"], "type": "chrome"}, {"idList": ["FEDORA:B4C4A30D8539", "FEDORA:993DD30E4796", "FEDORA:D63AA304E89C"], "type": "fedora"}]}, "dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-202104-5", "ASA-202104-7"]}, {"type": "attackerkb", "idList": ["AKB:160D34D9-2175-4B27-87F8-0CED51121F50", "AKB:21C170FF-C7C6-4BFB-8AED-613970EDA44C"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0952"]}, {"type": "chrome", "idList": ["GCSA-1247606144415232205"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2021-21224"]}, {"type": "cve", "idList": ["CVE-2021-21224"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4906-1:4BE22"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-21224"]}, {"type": "fedora", "idList": ["FEDORA:993DD30E4796", "FEDORA:B4C4A30D8539", "FEDORA:D63AA304E89C"]}, {"type": "freebsd", "idList": ["CB13A765-A277-11EB-97A0-E09467587C17"]}, {"type": "gentoo", "idList": ["GLSA-202104-08"]}, {"type": "githubexploit", "idList": ["CAE25BF5-2DB9-5000-8FF9-CC2EAA626ECE"]}, {"type": "kaspersky", "idList": ["KLA12147", "KLA12153"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:3322D6B92554507E3E44D06E2BA5E174", "MALWAREBYTES:390E663F11CA04293C83488A40CB3A8A"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-4906.NASL", "FREEBSD_PKG_CB13A765A27711EB97A0E09467587C17.NASL", "GENTOO_GLSA-202104-08.NASL", "GOOGLE_CHROME_90_0_4430_85.NASL", "MACOSX_GOOGLE_CHROME_90_0_4430_85.NASL", "MICROSOFT_EDGE_CHROMIUM_90_0_818_46.NASL", "OPENSUSE-2021-629.NASL", "OPENSUSE-2021-712.NASL"]}, {"type": "osv", "idList": ["OSV:DSA-4906-1"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A"]}, {"type": "securelist", "idList": ["SECURELIST:8BBBF7B71E6D52B912070367475B6567", "SECURELIST:8E9198BF0E389572981DD1AA05D0708A"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0629-1", "OPENSUSE-SU-2021:0712-1"]}, {"type": "thn", "idList": ["THN:1A836FDDE57334BC4DAFA65E6DFA02E4", "THN:1DDE95EA33D4D9F304973569FC787451", "THN:4CC79A3CEFEDEB0DC9CF87C5B9035209", "THN:50D7C51FE6D69FC5DB5B37402AD0E412", "THN:6A9CD6F085628D08978727C0FF597535", "THN:7D7C05739ECD847B8CDEEAF930C51BF8", "THN:B7217784F9D53002315C9C43CCC73766", "THN:C736174C6B0ADC38AA88BC58F30271DA", "THN:FF8DAEC0AE0DDAE827D57407C51BE992"]}, {"type": "threatpost", "idList": ["THREATPOST:3697F9293A6DFF6CD5927E9E68FF488A", "THREATPOST:45B63C766965F5748AEC30DE709C8003", "THREATPOST:61CC1EAC83030C2B053946454FE77AC3", "THREATPOST:88DD5812D3C8652E304F32507E4F68DD"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-21224"]}, {"type": "veracode", "idList": ["VERACODE:30147"]}]}, "exploitation": null, "score": {"value": 1.7, "vector": "NONE"}, "epss": [{"cve": "CVE-2021-21224", "epss": "0.969350000", "percentile": "0.994990000", "modified": "2023-03-17"}], "vulnersScore": 1.7}, "_state": {"dependencies": 1679020559, "score": 1679020683, "epss": 1679070268}, "_internal": {"score_hash": "f62addd54766136d3cba0a14b7c9c3dc"}, "kbList": [], "msrc": "", "mscve": "CVE-2021-21224", "msAffectedSoftware": [{"name": "Microsoft Edge (Chromium-based)", "kbSupersedence": "", "kb": "", "msplatform": "", "version": "", "operator": ""}], "vendorCvss": {"baseScore": "", "temporalScore": "", "vectorString": ""}}

{"ubuntucve": [{"lastseen": "2023-02-03T13:37:37", "description": "Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a\nremote attacker to execute arbitrary code inside a sandbox via a crafted\nHTML page.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987358>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-26T00:00:00", "type": "ubuntucve", "title": "CVE-2021-21224", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21224"], "modified": "2021-04-26T00:00:00", "id": "UB:CVE-2021-21224", "href": "https://ubuntu.com/security/CVE-2021-21224", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "githubexploit": [{"lastseen": "2022-03-23T15:42:49", "description": "# CVE-2021-21224\nChrom...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-28T01:10:54", "type": "githubexploit", "title": "Exploit for Type Confusion in Google Chrome", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21224"], "modified": "2022-02-15T06:55:14", "id": "CAE25BF5-2DB9-5000-8FF9-CC2EAA626ECE", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}], "debiancve": [{"lastseen": "2023-03-27T06:08:25", "description": "Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-26T17:15:00", "type": "debiancve", "title": "CVE-2021-21224", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21224"], "modified": "2021-04-26T17:15:00", "id": "DEBIANCVE:CVE-2021-21224", "href": "https://security-tracker.debian.org/tracker/CVE-2021-21224", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "checkpoint_advisories": [{"lastseen": "2022-02-16T19:29:27", "description": "A remote code execution vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-01-16T00:00:00", "type": "checkpoint_advisories", "title": "Google Chrome Remote Code Execution (CVE-2021-21224)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21224"], "modified": "2022-01-16T00:00:00", "id": "CPAI-2021-0952", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cisa_kev": [{"lastseen": "2022-08-10T17:26:47", "description": "Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-03T00:00:00", "type": "cisa_kev", "title": "Chromium V8 JavaScript Engine Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21224"], "modified": "2021-11-03T00:00:00", "id": "CISA-KEV-CVE-2021-21224", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2022-07-26T13:50:50", "description": "chromium is vulnerable to type confusion. The vulnerability is triggered by performing integer data type conversion, creating an out-of-bounds condition that could cause arbitrary memory read/write primitive.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-23T23:06:09", "type": "veracode", "title": "Type Confusion", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21224"], "modified": "2021-06-01T17:14:05", "id": "VERACODE:30147", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-30147/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-02-09T14:06:15", "description": "Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-26T17:15:00", "type": "cve", "title": "CVE-2021-21224", "cwe": ["CWE-843"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21224"], "modified": "2021-06-01T15:22:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:33", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-21224", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21224", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}], "thn": [{"lastseen": "2022-05-09T12:38:19", "description": "[![](https://thehackernews.com/images/-wb_mRqoRlJs/YH_fh-jU73I/AAAAAAAACUg/PjdPBbIeXIQL_vuc_D3kAe7us4v9piwdwCLcBGAsYHQ/s0/chrome-update.jpg)](<https://thehackernews.com/images/-wb_mRqoRlJs/YH_fh-jU73I/AAAAAAAACUg/PjdPBbIeXIQL_vuc_D3kAe7us4v9piwdwCLcBGAsYHQ/s0/chrome-update.jpg>)\n\nGoogle on Tuesday released an update for Chrome web browser for Windows, Mac, and Linux, with a total of seven security fixes, including one flaw for which it says an exploit exists in the wild.\n\nTracked as **CVE-2021-21224**, the flaw concerns a type confusion vulnerability in V8 open-source JavaScript engine that was reported to the company by security researcher Jose Martinez on April 5\n\nAccording to security researcher [Lei Cao](<https://iamelli0t.github.io/2021/04/20/Chromium-Issue-1196683-1195777.html#rca-of-issue-1195777>), the bug [[1195777](<https://bugs.chromium.org/p/chromium/issues/detail?id=1195777>)] is triggered when performing integer data type conversion, resulting in an out-of-bounds condition that could be used to achieve arbitrary memory read/write primitive.\n\n\"Google is aware of reports that exploits for CVE-2021-21224 exist in the wild,\" Chrome's Technical Program Manager Srinivas Sista [said](<https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html>) in a blog post.\n\n[![](https://thehackernews.com/images/-MqsPXUEBIAs/YH_gSVGkWZI/AAAAAAAACUw/ZOCKPD3LhzYIiPehN7StsViTVlFaKHhyACLcBGAsYHQ/s0/chrome-code.jpg)](<https://thehackernews.com/images/-MqsPXUEBIAs/YH_gSVGkWZI/AAAAAAAACUw/ZOCKPD3LhzYIiPehN7StsViTVlFaKHhyACLcBGAsYHQ/s0/chrome-code.jpg>)\n\nThe update comes after proof-of-concept (PoC) [code](<https://noahblog.360.cn/chromium_v8_remote_code_execution_vulnerability_analysis/>) exploiting the flaw published by a researcher named \"[frust](<https://twitter.com/frust93717815/status/1382301769577861123>)\" emerged on April 14 by taking advantage of the fact that the issue was addressed in the [V8 source code](<https://chromium-review.googlesource.com/c/v8/v8/+/2826114/3/src/compiler/representation-change.cc>), but the patch was not integrated into the Chromium codebase and all the browsers that rely on it, such as Chrome, Microsoft Edge, Brave, Vivaldi, and Opera.\n\nThe one-week patch gap meant the browsers were vulnerable to attacks until the patches posted in the open-source code repository were released as a stable update.\n\nIt's worth noting that Google [halved](<https://groups.google.com/a/chromium.org/g/security-dev/c/fbiuFbW07vI>) the median \"patch gap\" from 33 days in Chrome 76 to 15 days in Chrome 78, which was released in October 2019, thereby pushing severe security fixes every two weeks.\n\nThe latest set of fixes also arrive close on the heels of an update the search giant rolled out [last week](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) with [patches for two security vulnerabilities](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) CVE-2021-21206 and CVE-2021-21220, the latter of which was demonstrated at the Pwn2Own [2021 hacking](<https://thehackernews.com/hacker/>) contest earlier this month.\n\nChrome 90.0.4430.85 is expected to roll out in the coming days. Users can update to the latest version by heading to Settings > Help > About Google Chrome to mitigate the risk associated with the flaws.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-21T08:20:00", "type": "thn", "title": "Update Your Chrome Browser ASAP to Patch a Week Old Public Exploit", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224"], "modified": "2021-04-21T08:30:40", "id": "THN:FF8DAEC0AE0DDAE827D57407C51BE992", "href": "https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:37:59", "description": "[![Update Windows Systems](https://thehackernews.com/images/-Oinzu8T6SmI/YMBZ7WkhbJI/AAAAAAAACzI/kVA4Ura4Yl4MrNb_jPNPBtgjkBj1DSs1wCLcBGAsYHQ/s728-e1000/microsoft-windows-update.jpg)](<https://thehackernews.com/images/-Oinzu8T6SmI/YMBZ7WkhbJI/AAAAAAAACzI/kVA4Ura4Yl4MrNb_jPNPBtgjkBj1DSs1wCLcBGAsYHQ/s0/microsoft-windows-update.jpg>)\n\nMicrosoft on Tuesday released another round of [security updates](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Jun>) for Windows operating system and other supported software, squashing 50 vulnerabilities, including six zero-days that are said to be under active attack.\n\nThe flaws were identified and resolved in Microsoft Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge (Chromium-based and EdgeHTML), SharePoint Server, Hyper-V, Visual Studio Code - Kubernetes Tools, Windows HTML Platform, and Windows Remote Desktop.\n\nOf these 50 bugs, five are rated Critical, and 45 are rated Important in severity, with three of the issues publicly known at the time of release. The vulnerabilities that being actively exploited are listed below -\n\n * [**CVE-2021-33742**](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33742>) (CVSS score: 7.5) - Windows MSHTML Platform Remote Code Execution Vulnerability\n * [**CVE-2021-33739**](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33739>) (CVSS score: 8.4) - Microsoft DWM Core Library Elevation of Privilege Vulnerability\n * [**CVE-2021-31199**](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31199>) (CVSS score: 5.2) - Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability\n * [**CVE-2021-31201**](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31201>) (CVSS score: 5.2) - Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability\n * [**CVE-2021-31955**](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31955>) (CVSS score: 5.5) - Windows Kernel Information Disclosure Vulnerability\n * [**CVE-2021-31956**](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31956>) (CVSS score: 7.8) - Windows NTFS Elevation of Privilege Vulnerability\n\nMicrosoft didn't disclose the nature of the attacks, how widespread they are, or the identities of the threat actors exploiting them. But the fact that four of the six flaws are privilege escalation vulnerabilities suggests that attackers could be leveraging them as part of an infection chain to gain elevated permissions on the targeted systems to execute malicious code or leak sensitive information.\n\nThe Windows maker also noted that both CVE-2021-31201 and CVE-2021-31199 address flaws related to [CVE-2021-28550](<https://thehackernews.com/2021/05/alert-hackers-exploit-adobe-reader-0.html>), an arbitrary code execution vulnerability rectified by Adobe last month that it said was being \"exploited in the wild in limited attacks targeting Adobe Reader users on Windows.\"\n\nGoogle's Threat Analysis Group, which has been acknowledged as having reported CVE-2021-33742 to Microsoft, [said](<https://twitter.com/ShaneHuntley/status/1402320072123719690>) \"this seem[s] to be a commercial exploit company providing capability for limited nation state Eastern Europe / Middle East targeting.\"\n\nRussian cybersecurity firm Kaspersky, for its part, detailed that CVE-2021-31955 and CVE-2021-31956 were abused in a Chrome zero-day exploit chain ([CVE-2021-21224](<https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html>)) in a series of highly targeted attacks against multiple companies on April 14 and 15. The intrusions were attributed to a new threat actor dubbed \"PuzzleMaker.\"\n\n\"While we were not able to retrieve the exploit used for remote code execution (RCE) in the Chrome web browser, we were able to find and analyze an elevation of privilege (EoP) exploit that was used to escape the sandbox and obtain system privileges,\" Kaspersky Lab researchers [said](<https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/>).\n\nElsewhere, Microsoft fixed numerous remote code execution vulnerabilities spanning Paint 3D, Microsoft SharePoint Server, Microsoft Outlook, Microsoft Office Graphics, Microsoft Intune Management Extension, Microsoft Excel, and Microsoft Defender, as well as several privilege escalation flaws in Microsoft Edge, Windows Filter Manager, Windows Kernel, Windows Kernel-Mode Driver, Windows NTLM Elevation, and Windows Print Spooler.\n\nTo install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update or by selecting Check for Windows updates.\n\n### Software Patches From Other Vendors\n\nAlongside Microsoft, a number of other vendors have also released a slew of patches on Tuesday, including \u2014\n\n * [Adobe](<https://helpx.adobe.com/security.html>)\n * [Android](<https://source.android.com/security/bulletin/2021-06-01>)\n * [Dell](<https://www.dell.com/support/security/>)\n * [Intel](<https://blogs.intel.com/technology/2021/06/intel-security-advisories-for-june-2021/>)\n * Linux distributions [SUSE](<https://lists.suse.com/pipermail/sle-security-updates/2021-June/thread.html>), [Oracle Linux](<https://linux.oracle.com/ords/f?p=105:21>), and [Red Hat](<https://access.redhat.com/security/security-updates/#/security-advisories?q=&p=2&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory&documentKind=Errata>)\n * [SAP](<https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999>) (with cybersecurity firm Onapsis [credited](<https://onapsis.com/blog/sap-security-patch-day-june-2021-multiple-memory-corruption-vulnerabilities-can-lead-system>) with identifying 20 of the 40 remediated flaws)\n * [Schneider Electric](<https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp>), and\n * [Siemens](<https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications>)\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-09T06:07:00", "type": "thn", "title": "Update Your Windows Computers to Patch 6 New In-the-Wild Zero-Day Bugs", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21224", "CVE-2021-28550", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-33739", "CVE-2021-33742"], "modified": "2021-06-09T16:52:54", "id": "THN:1DDE95EA33D4D9F304973569FC787451", "href": "https://thehackernews.com/2021/06/update-your-windows-computers-to-patch.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:37:58", "description": "[![](https://thehackernews.com/images/--v2cn8JGV00/YMGRd9cFvrI/AAAAAAAACz4/i5Stk6m4GEgwbul82T6lZeEbdMMNfofJQCLcBGAsYHQ/s0/chrome-zero-day-vulnerability.jpg)](<https://thehackernews.com/images/--v2cn8JGV00/YMGRd9cFvrI/AAAAAAAACz4/i5Stk6m4GEgwbul82T6lZeEbdMMNfofJQCLcBGAsYHQ/s0/chrome-zero-day-vulnerability.jpg>)\n\nAttention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update it immediately to the latest version Google released earlier today.\n\nThe internet services company has rolled out an urgent update to the browser to address 14 newly discovered security issues, including a zero-day flaw that it says is being actively exploited in the wild.\n\nTracked as [CVE-2021-30551](<https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html>), the vulnerability stems from a type confusion issue in its V8 open-source and JavaScript engine. Sergei Glazunov of Google Project Zero has been credited with discovering and reporting the flaw.\n\nAlthough the search giant's Chrome team issued a terse statement acknowledging \"an exploit for CVE-2021-30551 exists in the wild,\" Shane Huntley, Director of Google's Threat Analysis Group, [hinted](<https://twitter.com/ShaneHuntley/status/1402712986289016835>) that the vulnerability was leveraged by the same actor that abused [CVE-2021-33742](<https://thehackernews.com/2021/06/update-your-windows-computers-to-patch.html>), an actively exploited remote code execution flaw in Windows MSHTML platform that was addressed by Microsoft as part of its Patch Tuesday update on June 8.\n\n[![](https://thehackernews.com/images/-XI4fkisfDp0/YMGPq0RtpKI/AAAAAAAACzw/d0mpshr20nw2j--sOXxBrrTJIj2IP95ewCLcBGAsYHQ/s0/chrome-zero-day.jpg)](<https://thehackernews.com/images/-XI4fkisfDp0/YMGPq0RtpKI/AAAAAAAACzw/d0mpshr20nw2j--sOXxBrrTJIj2IP95ewCLcBGAsYHQ/s0/chrome-zero-day.jpg>)\n\nThe two zero-days are said to have been provided by a commercial exploit broker to a nation-state actor, which used them in limited attacks against targets in Eastern Europe and the Middle East, Huntley said.\n\nMore technical details about the nature of the attacks are to be released in the coming weeks so as to allow a majority of the users to install the update and prevent other threat actors from creating exploits targeting the flaw.\n\nWith the latest fix, Google has addressed a total of seven zero-days in Chrome since the start of the year \u2014\n\n * [**CVE-2021-21148**](<https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html>) \\- Heap buffer overflow in V8\n * [**CVE-2021-21166**](<https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html>) \\- Object recycle issue in audio\n * [**CVE-2021-21193**](<https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html>) \\- Use-after-free in Blink\n * [**CVE-2021-21206**](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Use-after-free in Blink\n * [**CVE-2021-21220**](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Insufficient validation of untrusted input in V8 for x86_64\n * [**CVE-2021-21224**](<https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html>) \\- Type confusion in V8\n\nChrome users can update to the latest version (91.0.4472.101) by heading to Settings > Help > About Google Chrome to mitigate the risk associated with the flaw.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-10T04:14:00", "type": "thn", "title": "New Chrome 0-Day Bug Under Active Attacks \u2013 Update Your Browser ASAP!", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-33742"], "modified": "2021-06-10T10:25:50", "id": "THN:7D7C05739ECD847B8CDEEAF930C51BF8", "href": "https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:39:20", "description": "[![Chrome Browser](https://thehackernews.com/images/--Br-zb7NQb0/YPEUTqMvgsI/AAAAAAAADNw/cesEHjkHFKgyqC_MTP_ji5iUXUCeqoH1QCLcBGAsYHQ/s728-e1000/chrome-update.jpg)](<https://thehackernews.com/images/--Br-zb7NQb0/YPEUTqMvgsI/AAAAAAAADNw/cesEHjkHFKgyqC_MTP_ji5iUXUCeqoH1QCLcBGAsYHQ/s0/chrome-update.jpg>)\n\nGoogle has pushed out a new security update to Chrome browser for Windows, Mac, and Linux with multiple fixes, including a zero-day that it says is being exploited in the wild.\n\nThe latest patch resolves a total of eight issues, one of which concerns a type confusion issue in its V8 open-source and JavaScript engine ([CVE-2021-30563](<https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html>)). The search giant credited an anonymous researcher for reporting the flaw on July 12.\n\nAs is usually the case with actively exploited flaws, the company issued a terse statement acknowledging that \"an exploit for CVE-2021-30563 exists in the wild\" while refraining from sharing full details about the underlying vulnerability used in the attacks due to its serious nature and the possibility that doing so could lead to further abuse.\n\nCVE-2021-30563 also marks the ninth zero-day addressed by Google to combat real-world attacks against Chrome users since the start of the year \u2014\n\n * [**CVE-2021-21148**](<https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html>) \\- Heap buffer overflow in V8\n * [**CVE-2021-21166**](<https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html>) \\- Object recycle issue in audio\n * [**CVE-2021-21193**](<https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html>) \\- Use-after-free in Blink\n * [**CVE-2021-21206**](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Use-after-free in Blink\n * [**CVE-2021-21220**](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Insufficient validation of untrusted input in V8 for x86_64\n * [**CVE-2021-21224**](<https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html>) \\- Type confusion in V8\n * [**CVE-2021-30551**](<https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html>) \\- Type confusion in V8\n * [**CVE-2021-30554**](<https://thehackernews.com/2021/06/update-your-chrome-browser-to-patch-yet.html>) \\- Use-after-free in WebGL\n\nChrome users are advised to update to the latest version (91.0.4472.164) by heading to Settings > Help > 'About Google Chrome' to mitigate the risk associated with the flaw.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-16T05:08:00", "type": "thn", "title": "Update Your Chrome Browser to Patch New Zero\u2011Day Bug Exploited in the Wild", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563"], "modified": "2021-07-16T05:08:47", "id": "THN:C736174C6B0ADC38AA88BC58F30271DA", "href": "https://thehackernews.com/2021/07/update-your-chrome-browser-to-patch-new.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:37:19", "description": "[![Google Chrome](https://thehackernews.com/images/-FOgCdN3CSOk/YUAgGS1bB1I/AAAAAAAADyc/2oKkq_Mon1AnpsrRVosSNgmXm6ZdbQTXACLcBGAsYHQ/s728-e1000/chrome-update.jpg)](<https://thehackernews.com/images/-FOgCdN3CSOk/YUAgGS1bB1I/AAAAAAAADyc/2oKkq_Mon1AnpsrRVosSNgmXm6ZdbQTXACLcBGAsYHQ/s0/chrome-update.jpg>)\n\nGoogle on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild.\n\nTracked as **CVE-2021-30632** and **CVE-2021-30633**, the [vulnerabilities](<https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html>) concern an out of bounds write in V8 JavaScript engine and a use after free flaw in Indexed DB API respectively, with the internet giant crediting anonymous researchers for reporting the bugs on September 8.\n\nAs is typically the case, the company said it's \"aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild\" without sharing additional specifics about how, when, and where the vulnerabilities were exploited, or the threat actors that may be abusing them.\n\nWith these two security shortcomings, Google has addressed a total of 11 zero-day vulnerabilities in Chrome since the start of the year \u2014\n\n * [**CVE-2021-21148**](<https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html>) \\- Heap buffer overflow in V8\n * [**CVE-2021-21166**](<https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html>) \\- Object recycle issue in audio\n * [**CVE-2021-21193**](<https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html>) \\- Use-after-free in Blink\n * [**CVE-2021-21206**](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Use-after-free in Blink\n * [**CVE-2021-21220**](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Insufficient validation of untrusted input in V8 for x86_64\n * [**CVE-2021-21224**](<https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html>) \\- Type confusion in V8\n * [**CVE-2021-30551**](<https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html>) \\- Type confusion in V8\n * [**CVE-2021-30554**](<https://thehackernews.com/2021/06/update-your-chrome-browser-to-patch-yet.html>) \\- Use-after-free in WebGL\n * [**CVE-2021-30563**](<https://thehackernews.com/2021/07/update-your-chrome-browser-to-patch-new.html>) \\- Type confusion in V8\n\nChrome users are advised to update to the latest version (93.0.4577.82) for Windows, Mac, and Linux by heading to Settings > Help > 'About Google Chrome' to mitigate the risk associated with the flaws.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-09-14T04:08:00", "type": "thn", "title": "Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633"], "modified": "2021-09-19T08:13:46", "id": "THN:1A836FDDE57334BC4DAFA65E6DFA02E4", "href": "https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:37:16", "description": "[![Chrome web browser](https://thehackernews.com/images/-EBTuV2RF5wo/YU6_b4n3Y4I/AAAAAAAAD5w/Rv4cfNWgTzsitUR4O-m9Hoo5Jsb-IyxJACLcBGAsYHQ/s728-e1000/chrome-update.jpg)](<https://thehackernews.com/images/-EBTuV2RF5wo/YU6_b4n3Y4I/AAAAAAAAD5w/Rv4cfNWgTzsitUR4O-m9Hoo5Jsb-IyxJACLcBGAsYHQ/s0/chrome-update.jpg>)\n\nGoogle on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that's known to have an exploit in the wild.\n\nTracked as [CVE-2021-37973](<https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html>), the vulnerability has been described as [use after free](<https://cwe.mitre.org/data/definitions/416.html>) in [Portals API](<https://web.dev/hands-on-portals/>), a web page navigation system that enables a page to show another page as an inset and \"perform a seamless transition to a new state, where the formerly-inset page becomes the top-level document.\"\n\nCl\u00e9ment Lecigne of Google Threat Analysis Group (TAG) has been credited with reporting the flaw. Additional specifics pertaining to the weakness have not been disclosed in light of active exploitation and to allow a majority of the users to apply the patch, but the internet giant said it's \"aware that an exploit for CVE-2021-37973 exists in the wild.\"\n\nThe update arrives a day after Apple moved to close an actively exploited security hole in older versions of iOS and macOS ([CVE-2021-30869](<https://thehackernews.com/2021/09/urgent-apple-ios-and-macos-updates.html>)), which the TAG noted as being \"used in conjunction with a N-day remote code execution targeting WebKit.\" With the latest fix, Google has addressed a total of [12 zero-day flaws in Chrome](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) since the start of 2021:\n\n * [CVE-2021-21148](<https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html>) \\- Heap buffer overflow in V8\n * [CVE-2021-21166](<https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html>) \\- Object recycle issue in audio\n * [CVE-2021-21193](<https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html>) \\- Use-after-free in Blink\n * [CVE-2021-21206](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Use-after-free in Blink\n * [CVE-2021-21220](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Insufficient validation of untrusted input in V8 for x86_64\n * [CVE-2021-21224](<https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html>) \\- Type confusion in V8\n * [CVE-2021-30551](<https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html>) \\- Type confusion in V8\n * [CVE-2021-30554](<https://thehackernews.com/2021/06/update-your-chrome-browser-to-patch-yet.html>) \\- Use-after-free in WebGL\n * [CVE-2021-30563](<https://thehackernews.com/2021/07/update-your-chrome-browser-to-patch-new.html>) \\- Type confusion in V8\n * [CVE-2021-30632](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) \\- Out of bounds write in V8\n * [CVE-2021-30633](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) \\- Use-after-free in Indexed DB API\n\nChrome users are advised to update to the latest version (94.0.4606.61) for Windows, Mac, and Linux by heading to Settings > Help > 'About Google Chrome' to mitigate the risk associated with the flaw.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-09-25T06:39:00", "type": "thn", "title": "Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-30869", "CVE-2021-37973"], "modified": "2021-09-27T04:38:24", "id": "THN:6A9CD6F085628D08978727C0FF597535", "href": "https://thehackernews.com/2021/09/urgent-chrome-update-released-to-patch.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:37:14", "description": "[![Google Chrome](https://thehackernews.com/new-images/img/a/AVvXsEggQTDQ-V9WbcSJKwsXKGeYWFxP3jSKikqYhYG8xpFa_NiB7aFJV8tcR11eRFpoq9nIOMlHfbefT2pZC9vdUHCul3SAafHr4t5T-oIIj-H61WEAlv8x9Mfzo1cqzuxor4bqF090P_C7w7fQqzoSFEmUVm1PvbmzU9YENMC2O_ZAEkOC_qbBbzYZdzhA=s728-e1000)](<https://thehackernews.com/new-images/img/a/AVvXsEggQTDQ-V9WbcSJKwsXKGeYWFxP3jSKikqYhYG8xpFa_NiB7aFJV8tcR11eRFpoq9nIOMlHfbefT2pZC9vdUHCul3SAafHr4t5T-oIIj-H61WEAlv8x9Mfzo1cqzuxor4bqF090P_C7w7fQqzoSFEmUVm1PvbmzU9YENMC2O_ZAEkOC_qbBbzYZdzhA>)\n\nGoogle on Thursday pushed urgent security fixes for its Chrome browser, including a pair of new security weaknesses that the company said are being exploited in the wild, making them the fourth and fifth actively zero-days plugged this month alone.\n\nThe issues, designated as [CVE-2021-37975 and CVE-2021-37976](<https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html>), are part of a total of four patches, and concern a [use-after-free flaw](<https://cwe.mitre.org/data/definitions/416.html>) in V8 JavaScript and WebAssembly engine as well as an information leak in core.\n\nAs is usually the case, the tech giant has refrained from sharing any additional details regarding how these zero-day vulnerabilities were used in attacks so as to allow a majority of users to be updated with the patches, but noted that it's aware that \"exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild.\"\n\nAn anonymous researcher has been credited with reporting CVE-2021-37975. The discovery of CVE-2021-37976, on the other hand, involves Cl\u00e9ment Lecigne from Google Threat Analysis Group, who was also credited with [CVE-2021-37973](<https://thehackernews.com/2021/09/urgent-chrome-update-released-to-patch.html>), another actively exploited use-after-free vulnerability in Chrome's Portals API that was reported last week, raising the possibility that the two flaws may have been stringed together as part of an exploit chain to execute arbitrary code.\n\nWith the latest update, Google has addressed a record 14 zero-days in the web browser since the start of the year.\n\n * [CVE-2021-21148](<https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html>) \\- Heap buffer overflow in V8\n * [CVE-2021-21166](<https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html>) \\- Object recycle issue in audio\n * [CVE-2021-21193](<https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html>) \\- Use-after-free in Blink\n * [CVE-2021-21206](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Use-after-free in Blink\n * [CVE-2021-21220](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Insufficient validation of untrusted input in V8 for x86_64\n * [CVE-2021-21224](<https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html>) \\- Type confusion in V8\n * [CVE-2021-30551](<https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html>) \\- Type confusion in V8\n * [CVE-2021-30554](<https://thehackernews.com/2021/06/update-your-chrome-browser-to-patch-yet.html>) \\- Use-after-free in WebGL\n * [CVE-2021-30563](<https://thehackernews.com/2021/07/update-your-chrome-browser-to-patch-new.html>) \\- Type confusion in V8\n * [CVE-2021-30632](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) \\- Out of bounds write in V8\n * [CVE-2021-30633](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) \\- Use-after-free in Indexed DB API\n * [CVE-2021-37973](<https://thehackernews.com/2021/09/urgent-chrome-update-released-to-patch.html>) \\- Use-after-free in Portals\n\nChrome users are advised to update to the latest version (94.0.4606.71) for Windows, Mac, and Linux by heading to Settings > Help > 'About Google Chrome' to mitigate any potential risk of active exploitation.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-10-01T03:30:00", "type": "thn", "title": "Update Google Chrome ASAP to Patch 2 New Actively Exploited Zero-Day Flaws", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37976"], "modified": "2021-10-05T05:27:09", "id": "THN:50D7C51FE6D69FC5DB5B37402AD0E412", "href": "https://thehackernews.com/2021/09/update-google-chrome-asap-to-patch-2.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:38:09", "description": "[![Chrome Update](https://thehackernews.com/new-images/img/a/AVvXsEgMs77BPvPvj6P-3E7i08R8I_ixvGQZgvS5p1CxbhBqiARNzNLx3R6X1fYdCRjiQmZfLY3-6HUY_hPXAucE_jFVypFTV0HG0XIru72uSOfwfn3mMcLC9j6XyeOCF7We4fYjthQ17-YmGUSvhPWEOlnBXakT_9U8IYdpMKEB6GeCFMJI8ihho5D-6JUO=s728-e1000)](<https://thehackernews.com/new-images/img/a/AVvXsEgMs77BPvPvj6P-3E7i08R8I_ixvGQZgvS5p1CxbhBqiARNzNLx3R6X1fYdCRjiQmZfLY3-6HUY_hPXAucE_jFVypFTV0HG0XIru72uSOfwfn3mMcLC9j6XyeOCF7We4fYjthQ17-YmGUSvhPWEOlnBXakT_9U8IYdpMKEB6GeCFMJI8ihho5D-6JUO>)\n\nGoogle on Thursday rolled out an emergency update for its Chrome web browser, including fixes for two zero-day vulnerabilities that it says are being actively exploited in the wild.\n\nTracked as **CVE-2021-38000** and **CVE-2021-38003**, the weaknesses relate to insufficient validation of untrusted input in a feature called Intents as well as a case of inappropriate implementation in V8 JavaScript and WebAssembly engine. The internet giant's Threat Analysis Group (TAG) has been credited with discovering and reporting the two flaws on September 15, 2021, and October 26, 2021, respectively.\n\n\"Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild,\" the company [noted](<https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html>) in an advisory without delving into technical specifics about how the two vulnerabilities were used in attacks or the threat actors that may have weaponized them.\n\nAlso addressed as part of this stable channel update is a [use-after-free](<https://cwe.mitre.org/data/definitions/416.html>) vulnerability in the Web Transport component (CVE-2021-38002), which was demonstrated for the first time at the [Tianfu Cup](<https://thehackernews.com/2021/10/windows-10-linux-ios-chrome-and-many.html>) contest held earlier this month in China. With these patches, Google has resolved a record 16 zero-days in the web browser since the start of the year \u2014\n\n * [**CVE-2021-21148**](<https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html>) \\- Heap buffer overflow in V8\n * [**CVE-2021-21166**](<https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html>) \\- Object recycle issue in audio\n * [**CVE-2021-21193**](<https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html>) \\- Use-after-free in Blink\n * [**CVE-2021-21206**](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Use-after-free in Blink\n * [**CVE-2021-21220**](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Insufficient validation of untrusted input in V8 for x86_64\n * [**CVE-2021-21224**](<https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html>) \\- Type confusion in V8\n * [**CVE-2021-30551**](<https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html>) \\- Type confusion in V8\n * [**CVE-2021-30554**](<https://thehackernews.com/2021/06/update-your-chrome-browser-to-patch-yet.html>) \\- Use-after-free in WebGL\n * [**CVE-2021-30563**](<https://thehackernews.com/2021/07/update-your-chrome-browser-to-patch-new.html>) \\- Type confusion in V8\n * [**CVE-2021-30632**](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) \\- Out of bounds write in V8\n * [**CVE-2021-30633**](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) \\- Use-after-free in Indexed DB API\n * [**CVE-2021-37973**](<https://thehackernews.com/2021/09/urgent-chrome-update-released-to-patch.html>) \\- Use-after-free in Portals\n * [**CVE-2021-37975**](<https://thehackernews.com/2021/09/update-google-chrome-asap-to-patch-2.html>) \\- Use-after-free in V8\n * [**CVE-2021-37976**](<https://thehackernews.com/2021/09/update-google-chrome-asap-to-patch-2.html>) \\- Information leak in core\n\nChrome users are advised to update to the latest version (95.0.4638.69) for Windows, Mac, and Linux by heading to Settings > Help > 'About Google Chrome' to mitigate any potential risk of active exploitation.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-10-29T04:08:00", "type": "thn", "title": "Google Releases Urgent Chrome Update to Patch 2 Actively Exploited 0-Day Bugs", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-38000", "CVE-2021-38002", "CVE-2021-38003"], "modified": "2021-10-29T04:08:52", "id": "THN:B7217784F9D53002315C9C43CCC73766", "href": "https://thehackernews.com/2021/10/google-releases-urgent-chrome-update-to.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:37:48", "description": "[![Google Chrome](https://thehackernews.com/new-images/img/a/AVvXsEibt_uA0VwMgumOtohRzrBSD-Inv5dv71ZMU1Hu4XYJFQxp8FVjEZzeLUuvttUyYx1xMxQJ16Nfw5Jdc7mPLfwoGoTeZqrLRMZ005Eu673XGL_uJrq7LDUpWojmmmN1YHSwVQcJQzL28acTco05Z7auS001HlgSR96GjvrE5gDr2M123luTRVFTFcAT=s728-e1000)](<https://thehackernews.com/new-images/img/a/AVvXsEibt_uA0VwMgumOtohRzrBSD-Inv5dv71ZMU1Hu4XYJFQxp8FVjEZzeLUuvttUyYx1xMxQJ16Nfw5Jdc7mPLfwoGoTeZqrLRMZ005Eu673XGL_uJrq7LDUpWojmmmN1YHSwVQcJQzL28acTco05Z7auS001HlgSR96GjvrE5gDr2M123luTRVFTFcAT>)\n\nGoogle has rolled out fixes for five security vulnerabilities in its Chrome web browser, including one which it says is being exploited in the wild, making it the [17th such weakness](<https://thehackernews.com/2021/10/google-releases-urgent-chrome-update-to.html>) to be disclosed since the start of the year.\n\nTracked as [CVE-2021-4102](<https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html>), the flaw relates to a [use-after-free bug](<https://cwe.mitre.org/data/definitions/416.html>) in the V8 JavaScript and WebAssembly engine, which could have severe consequences ranging from corruption of valid data to the execution of arbitrary code. An anonymous researcher has been credited with discovering and reporting the flaw.\n\nAs it stands, it's not known how the weakness is being abused in real-world attacks, but the internet giant issued a terse statement that said, \"it's aware of reports that an exploit for CVE-2021-4102 exists in the wild.\" This is done so in an attempt to ensure that a majority of users are updated with a fix and prevent further exploitation by other threat actors.\n\nCVE-2021-4102 is the second use-after-free vulnerability in V8 the company has remediated in less than three months following reports of active exploitation, with the previous vulnerability [CVE-2021-37975](<https://thehackernews.com/2021/09/update-google-chrome-asap-to-patch-2.html>), also reported by an anonymous researcher, plugged in an update it shipped on September 30. It's not immediately clear if the two flaws bear any relation to one another.\n\nWith this latest update, Google has addressed a record 17 zero-days in Chrome this year alone \u2014\n\n * [CVE-2021-21148](<https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html>) \\- Heap buffer overflow in V8\n * [CVE-2021-21166](<https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html>) \\- Object recycle issue in audio\n * [CVE-2021-21193](<https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html>) \\- Use-after-free in Blink\n * [CVE-2021-21206](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Use-after-free in Blink\n * [CVE-2021-21220](<https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html>) \\- Insufficient validation of untrusted input in V8 for x86_64\n * [CVE-2021-21224](<https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html>) \\- Type confusion in V8\n * [CVE-2021-30551](<https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html>) \\- Type confusion in V8\n * [CVE-2021-30554](<https://thehackernews.com/2021/06/update-your-chrome-browser-to-patch-yet.html>) \\- Use-after-free in WebGL\n * [CVE-2021-30563](<https://thehackernews.com/2021/07/update-your-chrome-browser-to-patch-new.html>) \\- Type confusion in V8\n * [CVE-2021-30632](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) \\- Out of bounds write in V8\n * [CVE-2021-30633](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) \\- Use-after-free in Indexed DB API\n * [CVE-2021-37973](<https://thehackernews.com/2021/09/urgent-chrome-update-released-to-patch.html>) \\- Use-after-free in Portals \n * [CVE-2021-37975](<https://thehackernews.com/2021/09/update-google-chrome-asap-to-patch-2.html>) \\- Use-after-free in V8\n * [CVE-2021-37976](<https://thehackernews.com/2021/09/update-google-chrome-asap-to-patch-2.html>) \\- Information leak in core\n * [CVE-2021-38000](<https://thehackernews.com/2021/10/google-releases-urgent-chrome-update-to.html>) \\- Insufficient validation of untrusted input in Intents\n * [CVE-2021-38003](<https://thehackernews.com/2021/10/google-releases-urgent-chrome-update-to.html>) \\- Inappropriate implementation in V8\n\nChrome users are recommended to update to the latest version (96.0.4664.110) for Windows, Mac, and Linux by heading to Settings > Help > 'About Google Chrome' to mitigate any potential risk of active exploitation.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-12-14T04:13:00", "type": "thn", "title": "Update Google Chrome to Patch New Zero-Day Exploit Detected in the Wild", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-38000", "CVE-2021-38003", "CVE-2021-4102"], "modified": "2021-12-14T04:30:59", "id": "THN:4CC79A3CEFEDEB0DC9CF87C5B9035209", "href": "https://thehackernews.com/2021/12/update-google-chrome-to-patch-new-zero.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "malwarebytes": [{"lastseen": "2021-10-21T14:41:47", "description": "Exploit kits (EK) are not as widespread as they used to be. One of the reasons is likely that most exploit kits targeted software that is hardly ever used anymore. Internet Explorer, Silverlight, and Flash Player to name a few, have been deprecated, replaced, and quickly lost their user-base.\n\nSo, just when you start thinking there is one less threat to worry much about, researchers have found an exploit kit with a keen interest in Chrome. Which, from a business point of view, makes a lot of sense, since Chrome is close to becoming not just a market leader, but almost a monopolist in the browser market.\n\nChrome has, at the time of writing, a market share of around 65%. The only other browser that reaches a market share that is over 10% is Safari. So if you are in the business of compromising browsers that visit your website or watch your advertisement, having Chrome users on your target list is a big plus.\n\nOr, as Malwarebytes' Director of Threat Intelligence, J\u00e9r\u00f4me Segura, put it:\n\n> "The future of exploit kits is via Chrome exploits. This could either be an anomaly or the beginning of a new era with big implications for the years to come."\n\n### Magnitude EK\n\nEnter the Magnitude exploit kit. [Researchers](<https://twitter.com/AvastThreatLabs/status/1450476708939767815>) have found that the Magnitude EK is actively using two vulnerabilities to exploit Chromium-based browsers. Magnitude is used in malvertising attacks to infect victims who visit compromised websites and its payload of choice is the [Magniber ransomware](<https://blog.malwarebytes.com/threat-analysis/2018/07/magniber-ransomware-improves-expands-within-asia/>). \n\n### The vulnerabilities\n\n[CVE-2021-21224](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21224>) is described as a type confusion in V8 in Google Chrome prior to 90.0.4430.85 which allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. V8 is Google's open source high-performance JavaScript and WebAssembly engine. This vulnerability was [patche](<https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html>)[d in April](<https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html>).\n\n[CVE-2021-31956](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31956>) is a Windows NTFS Elevation of Privilege (EoP) vulnerability. This vulnerability can be used in combination with CVE-2021-21224 to escape the Chromium sandbox. This vulnerability was [patched in June](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31956>).\n\n### PuzzleMaker\n\nPractically the same combination of vulnerabilities [was described in June](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/06/microsoft-fixes-seven-zero-days-including-two-puzzlemaker-targets-google-fixes-serious-android-flaw/>) when Microsoft fixed seven zero-days, including the CVE-2021-131956 we mentioned earlier. Back then, the attacker using these vulnerabilities was dubbed PuzzleMaker. At the time it was unknown which Chrome vulnerability was used by the attacker, but it's highly likely that it was the same as Magnitude has been found leveraging now.\n\n### Payload\n\nThere is no malicious payload attached to the Magnitude exploits yet, the attack just exfiltrates the victim's Windows build number. But reportedly, this is Magnitude EK\u2019s standard procedure to test out new exploits, so this could change quickly if they start to see positive results.\n\n### How to protect yourself\n\nIt is only on rare occasions that we write about vulnerabilities and then tell you there isn\u2019t much to worry about. But in this case, the only people that have anything to worry about are Windows users that browse the web using Chrome or Chromium based browsers (like Edge), but have disabled its automatic updates and haven\u2019t updated since April. You would also have to run on a non-updated Windows system since June, or run Chrome with the _-no-sandbox _switch (not recommended). And even then all that would happen if you ran across the Magnitude EK (which usually focuses on South Korea) is getting fingerprinted.\n\nBut you do understand that you should update your OS and browser nonetheless, right?\n\n### Enable automatic updates\n\nIf you want to save yourself the trouble of manually installing updates, there are a few things you can do. For Google Chrome (under Windows) you can choose this page as one of the tabs that opens when you run the browser: _chrome://settings/help_. If there has been an update since the last time you closed your browser, this page will alert you and initiate a download of the update.\n\nIn Windows 10 you can select the Start button, then select _Settings > Update & security > Windows Update_. Select _Advanced options_, and then under _Choose how updates are installed_, select _Automatic (recommended)_.\n\nStay safe, everyone!\n\nThe post [Chrome targeted by Magnitude exploit kit](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/10/magnitude-ek-has-been-spotted-targeting-the-chrome-browser/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-10-21T12:47:42", "type": "malwarebytes", "title": "Chrome targeted by Magnitude exploit kit", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-131956", "CVE-2021-21224", "CVE-2021-31956"], "modified": "2021-10-21T12:47:42", "id": "MALWAREBYTES:3322D6B92554507E3E44D06E2BA5E174", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/10/magnitude-ek-has-been-spotted-targeting-the-chrome-browser/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-14T18:35:22", "description": "Google _[announced](<https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html>)_ on Monday that it will be issuing patches for 11 high severity vulnerabilities found in Chrome, including two that are currently being exploited in the wild. The patch, which is part of the Stable Channel Update for Chrome 93 (93.0.4577.82), will be released for Windows, Mac, and Linux (if it hasn\u2019t already). Chrome users are expected to see the roll out in the coming days and weeks.\n\nReaders should note that other popular browsers such as Brave and Edge are also Chromium-based and therefore likely to be vulnerable to these flaws too. Keep an eye out for updates.\n\nYou can check what version of Chrome you are running by opening About Google Chrome from the main menu.\n\n![](https://blog.malwarebytes.com/wp-content/uploads/2021/09/latest-chrome-stable-600x458.png)The About Google Chrome screen tells you what version you are running and whether it is up to date\n\n### The vulnerabilities\n\nThe fixes address high severity vulnerabilities reported to Google by independent researchers from as early as August of this year. That said, the company has included names of the researchers who found the flaws in their announcement.\n\nThe two vulnerabilities that are being actively exploited\u2014namely, [CVE-2021-30632](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30632>) and [CVE-2021-30633](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30633>)\u2014were submitted anonymously. The former is an "Out of bounds write" flaw in the V8 JavaScript engine and the latter is a "Use after free" bug in the Indexed DB API.\n\nBecause threat actors are currently exploiting the two aforementioned vulnerabilities, Google provides little to no information on how the attacks against these weaknesses are being carried out, or other precautionary measures users should be looking out for. Per Google:\n\n> Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven\u2019t yet fixed.\n\n### V8, the thorn in Chrome's side?\n\nNobody will be surprised to see that one of the in-the-wild exploits affects Chrome's V8 engine. \n\nAt the heart of every modern web browser sits a JavaScript interpreter, a component that does much of the heavy lifting for interactive web apps. In Chrome, that interpreter is V8. These components need to accommodate frequent updates and adhere to a bewildering array of web standards, while also being both fast and secure.\n\nChrome's [V8](<https://v8.dev/>) JavaScript engine has been a significant source of security problems. So significant in fact, that in August Microsoft\u2014whose Edge browser is based on Chrome\u2014announced an experimental project called [Super Duper Secure Mode](<https://blog.malwarebytes.com/reports/2021/08/edges-super-duper-secure-mode-benchmarked-how-much-speed-would-you-trade-for-security/>) that aims to tackle the rash of V8 problems by simply turning an important part of it off.\n\nA little under half of the CVEs issued for V8 relate to its Just-in-Time (JIT) compiler, and more than half of all \u2018in-the-wild\u2019 Chrome exploits abuse JIT bugs. Just-in-time compilation is an important performance feature and turning it off is a direct trade of speed for security. How much? According our quick-and-dirty testing, turning off the JIT compiler makes JavaScript execution twice as slow in Edge.\n\n### 11 zero-days and counting\n\nTo date, the Google Chrome team has patched 11 zero-day vulnerabilities in 2021. Previous patches are from the following vulnerabilities, some of which we have covered here in the Malwarebytes Labs blog:\n\n * [_CVE-2021-21148_](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/02/update-now-chrome-patches-zero-day-that-was-exploited-in-the-wild/>)\n * [_CVE-2021-21166_](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/03/update-now-chrome-fix-patches-in-the-wild-zero-day/>)\n * CVE-2021-21193\n * [_CVE-2021-21206_](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/04/update-now-chrome-needs-patching-against-two-in-the-wild-exploits/>)\n * [_CVE-2021-21220_](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/04/update-now-chrome-needs-patching-against-two-in-the-wild-exploits/>)\n * CVE-2021-21224\n * CVE-2021-30551\n * CVE-2021-30554\n * CVE-2021-30563\n\nWith so much bad PR, you might expect Chrome's market share to suffer; yet, it remains by far the most popular browser. Users\u2014and the Google Chrome brand\u2014seem unaffected.\n\nMake sure you update your Chrome or Chromium-based browser once you see the patch available, or better still, make sure your browser is set to [update itself](<https://support.google.com/chrome/answer/95414?hl=en-GB&co=GENIE.Platform%3DDesktop#:~:text=Go%20to%20'About%20Google%20Chrome,Chrome%20to%20apply%20the%20update.>).\n\nStay safe!\n\nThe post [Update now! Google Chrome fixes two in-the-wild zero-days](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/patch-now-google-chrome-fixes-two-in-the-wild-zero-days/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-14T16:28:47", "type": "malwarebytes", "title": "Update now! Google Chrome fixes two in-the-wild zero-days", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633"], "modified": "2021-09-14T16:28:47", "id": "MALWAREBYTES:390E663F11CA04293C83488A40CB3A8A", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/patch-now-google-chrome-fixes-two-in-the-wild-zero-days/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "attackerkb": [{"lastseen": "2023-01-24T20:16:01", "description": "Windows Kernel Information Disclosure Vulnerability \nThe type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.\n\nThe team at Kaspersky have reported threat actors are exploiting this Microsoft Windows OS kernel vulnerability\n\nSource: <https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/>\n\n \n**Recent assessments:** \n \n**gwillcox-r7** at June 17, 2021 3:23pm UTC reported:\n\nAh good old `NtQuerySystemInformation()` strikes again, never quite going out of style :) In this case CVE-2021-31955 is an information disclosure in good old `ntoskrnl.exe`, aka the Windows kernel itself, that occurs due to a Windows feature supported since Windows Vista known as SuperFetch. By sending a `SystemSuperfetchInformation` class request of type `SuperfetchPrivSourceQuery` via the undocumented `NtQuerySystemInformation()` function, one can obtain the kernel address of the `EPROCESS` structure for the current process. This is REALLY bad since the `EPROCESS` kernel structure contains also contains a pointer to the process\u2019s permissions token. If we know the address of this token, then, provided one has an arbitrary kernel write vulnerability, they can easily overwrite this pointer to point to the permissions token for a higher privilege process, and if this process is running as SYSTEM, they will gain SYSTEM level code execution.\n\nAccording to <https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/>, this was used in the wild alongside CVE-2021-31956 to escape the Chrome sandbox and gain SYSTEM on affected users computers, after first compromising Chrome and gaining execution inside the Chrome sandbox with what is suspected to be CVE-2021-21224.\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 5\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-08T00:00:00", "type": "attackerkb", "title": "CVE-2021-31955", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21224", "CVE-2021-31955", "CVE-2021-31956"], "modified": "2021-06-08T00:00:00", "id": "AKB:21C170FF-C7C6-4BFB-8AED-613970EDA44C", "href": "https://attackerkb.com/topics/NQpSb1TpCN/cve-2021-31955", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-25T11:15:03", "description": "Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.\n\n \n**Recent assessments:** \n \n**gwillcox-r7** at June 17, 2021 3:06pm UTC reported:\n\nAccording to <https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/> this appears to have been used along with CVE-2021-31955 and CVE-2021-31956, a Windows kernel information leak and a Windows LPE vulnerability, to form a full RCE to go from a user browsing a web page to full SYSTEM control over a target Windows device. This is an extremely powerful and valuable exploit chain, and many exploit brokers are willing to pay large sums of money for these chains as they often are very valuable to nation states who wish to use them for their intelligence operations.\n\nOverall though, on its own it seems like this bug wasn\u2019t super valuable as you only get RCE within the sandbox itself, which is why it was then chained with a Windows kernel bug to escape the Chrome sandbox and gain RCE as SYSTEM on the target device. Therefore the risk for this vulnerability alone is lower, however if we keep in mind the other bugs that existed at the time, the overall risk is quite high.\n\nThere also appears to have been public exploit code available for this vulnerability, available at <https://github.com/avboy1337/1195777-chrome0day>, which was potentially reused by the attackers. In any case at the time that code was released the bug was still unpatched which lead researchers at Kaspersky to conclude that its likely attackers used the code from <https://github.com/avboy1337/1195777-chrome0day> in their attack.\n\nOtherwise this is your typical V8 type confusion bug. V8 seems to have had quite a few type confusion bugs in the past so this is nothing too new. If you want to limit exposure, disable JavaScript in your browser on untrusted sites, which will help prevent users from being exploited by these types of attacks as most of them rely on JavaScript to do set up the environment in Chrome appropriately. That being said disabling JavaScript will break most sites so take this with a grain of salt :)\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 5\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-26T00:00:00", "type": "attackerkb", "title": "CVE-2021-21224", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21224", "CVE-2021-31955", "CVE-2021-31956"], "modified": "2021-04-28T00:00:00", "id": "AKB:160D34D9-2175-4B27-87F8-0CED51121F50", "href": "https://attackerkb.com/topics/fLcfbPxB38/cve-2021-21224", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securelist": [{"lastseen": "2022-10-10T08:05:03", "description": "![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/10/07093719/abstract_threat_actor_attribution-990x400.jpg)\n\nTargeted attack attribution is always a tricky thing, and in general, we believe that attribution is best left to law enforcement agencies. The reason is that, while in 90% of cases it is possible to understand a few things about the attackers, such as their native language or even location, the remaining 10% can lead to embarrassing attribution errors or worse. High-profile actors make every effort to stay undetected inside the victim's infrastructure and to leave as few traces as they can. They implement a variety of techniques to make investigation of their campaigns more difficult. Using LOLBINS, common legitimate pentesting tools, and fileless malware; misleading security researchers by placing false flags\u2014these and other anti-forensic tricks often make threat attribution a matter of luck. That is why there is always a percentage of targeted attacks that remain unattributed for years. Recently, I shared [my TOP 10 list of the most mysterious APT](<https://twitter.com/craiu/status/1573272440704319488>) campaigns/tools on Twitter. In this article, I provide a bit more detail on each case.\n\n## 1\\. Project TajMahal\n\nIn late 2018, we discovered a sophisticated espionage framework, which we dubbed "[TajMahal](<https://securelist.com/project-tajmahal/90240/>)". It consists of two different packages, self-named "Tokyo" and "Yokohama", and is capable of stealing a variety of data, including data from CDs burnt on the victim's machine and documents sent to the printer queue. Each package includes a number of malicious tools: backdoors, keyloggers, downloaders, orchestrators, screen and webcam grabbers, audio recorders, and more. In total, up to 80 malicious modules were discovered.\n\nProject TajMahal had been active for at least five years before we first detected it. What makes it even more mysterious is that its only known victim is a high-profile diplomatic entity. Who was behind the attack, if there were any other victims, or whether the whole toolset was developed to penetrate just one organization\u2014these questions remain unanswered.\n\n## 2\\. DarkUniverse\n\nDarkUniverse is [another APT framework](<https://securelist.com/darkuniverse-the-mysterious-apt-framework-27/94897/>) we discovered and reported on in 2018. It was active in the wild for at least for eight years\u2014from 2009 to 2017\u2014and targeted at least 20 civilian and military entities in Syria, Iran, Afghanistan, Tanzania, Ethiopia, Sudan, Russia, Belarus, and the United Arab Emirates. The malware spreads through spear-phishing emails with a malicious Microsoft Office document as attachment. It consists of several modules responsible for different espionage activities such as keylogging, mail traffic interception, making screenshots, collecting of a wide variety of system information, and more.\n\nThe only prominent case of DarkUniverse being spotted in the wild was when their [sophisticated ItaDuke malware](<https://securelist.com/new-uyghur-and-tibetan-themed-attacks-using-pdf-exploits/35465/>) was dropped with a zero-day PDF exploit conspicuously named "Visaform Turkey.pdf". DarkUniverse remains unattributed, and it is unclear what happened to the actor after 2017.\n\n## 3\\. PuzzleMaker\n\nIn April 2021, we [detected several targeted attacks](<https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/>) using a complex chain of zero-day exploits. To penetrate the system, the actor used a Google Chrome RCE vulnerability. We were not able to obtain the exploit, but suspected the flaw in question was [CVE-2021-21224](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21224>), which enabled an attacker to execute arbitrary code inside the browser sandbox. Once inside, the actor exploited [CVE-2021-31955](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31955>), an information disclosure vulnerability in the Windows kernel, to obtain the kernel address of the EPROCESS structure, and elevated privileges using one more Windows kernel flaw, [CVE-2021-31956](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31956>).\n\nAfter successful exploitation of these vulnerabilities, custom malware consisting of four modules is delivered to the infected system. The modules are a stager, dropper, service, and remote shell, with the last one being the final payload. We dubbed the APT "PuzzleMaker".\n\nThe only weak link to known APT campaigns is a post-exploitation technique that is used both by PuzzleMaker and the CHAINSHOT malware, and by at least two state-sponsored threat actors. However, the technique is publicly known and can be used by various groups independently.\n\n## 4\\. ProjectSauron (aka Strider)\n\nProjectSauron was [first discovered](<https://securelist.com/faq-the-projectsauron-apt/75533/>) in September 2015, when [Kaspersky Anti-Targeted Attack Platform](<https://www.kaspersky.com/enterprise-security/anti-targeted-attack-platform>) detected anomalous network traffic in a customer organization. The traffic originated from a suspicious library loaded into the memory of a domain controller server and registered as a Windows password filter, which has access to plain-text passwords to administrative accounts. It proved to be a part of a complex APT platform targeting government, telecommunication, scientific, military, and financial organizations in Russia, Iran, Rwanda, and possibly, Italian-speaking countries.\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/10/06125545/TOP-_10_unattributed_APT_mysteries_01.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/10/06125545/TOP-_10_unattributed_APT_mysteries_01.png>)\n\n**_ProjectSauron got its name from the "Sauron" mentioned in its configuration_**\n\nThe ProjectSauron platform has a modular structure. Its core implants are unique to each victim, with different file names and sizes, and timestamps tailored to the target environment. This way, the artifacts discovered in one organization are of low value to other victims. These core implants act as backdoors that download additional modules and run commands inside the memory. The modules perform specific espionage functions, such as keylogging, stealing documents, or hijacking encryption keys from infected computers and attached USB devices. A special module is responsible for accessing air-gapped systems through infected USB drives.\n\nThe threat actor behind ProjectSauron uses a complex command-and-control infrastructure involving a wide range of different ISPs and a number of IP-addresses across US and Europe. The actor made every possible effort not to create recognizable patterns in its operations. The only thing that can be said with confidence is that this level of sophistication is hardly achievable without a nation-state sponsor. It is also worth noting that the actor probably learned from other high-profile APTs, such as [Duqu](<https://securelist.com/the-mystery-of-duqu-part-ten/32668/>), [Flame](<https://securelist.com/the-flame-questions-and-answers/34344/>), [Equation](<https://securelist.com/equation-the-death-star-of-malware-galaxy/68750/>), and [Regin](<https://securelist.com/regin-nation-state-ownage-of-gsm-networks/67741/>).\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/10/06125628/TOP-_10_unattributed_APT_mysteries_02-1024x675.gif)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/10/06125628/TOP-_10_unattributed_APT_mysteries_02.gif>)\n\n## 5\\. USB Thief\n\nIn 2016, our colleagues at ESET [discovered a type of USB malware](<https://www.welivesecurity.com/2016/03/23/new-self-protecting-usb-trojan-able-to-avoid-detection/>) that featured a tricky self-protection mechanism. Dubbed "USB Thief", it consisted of six files, two of which were configuration files, while the other four were executables. The files were designed to be executed in a pre-defined order, and some of them were AES128-encrypted. The encryption key was generated using a unique USB device ID and certain disk properties. This made it hard to decrypt and run the files anywhere but on the infected USB drive.\n\nThree of the executable files are loaders that load the next-stage file. To ensure that the files are loaded in the correct order, they use hashes of the previously loaded files as their names. Additionally, some of the files check the name of the parent process and terminate if it is wrong. The final payload is a data stealer that looks to the configuration file for information about what data to exfiltrate, how to encrypt it, and where to store. The data is always exfiltrated to a location on the infected USB device.\n\nAnother interesting technique implemented in USB Thief is using portable versions of certain applications, such as Notepad, Firefox, and TrueCrypt, to trick the user into running the first malware loader. To achieve this goal, it injects itself into the command chain of these applications as a plugin or a dynamic linked library. When the user runs the infected app, the malware launches, too. The malware is not widespread and is most likely used in highly targeted attacks involving a human asset.\n\nSince my post on Twitter, [our colleagues at ESET shared further information](<https://twitter.com/0xfmz/status/1573321520570671105>) on this toolset, which includes their suspicion that it might be associated with the Lamberts APT group:\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/10/06130040/TOP-_10_unattributed_APT_mysteries_03-1024x606.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/10/06130040/TOP-_10_unattributed_APT_mysteries_03.png>)\n\n## 6\\. TENSHO (aka White Tur)\n\nIn early 2021, while searching for phishing pages that spoofed governmental websites, researchers at the PwC company [stumbled across a page](<https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/threat-actor-of-in-tur-est.html>) used to phish for Serbian Ministry of Defense credentials. This page led them to a previously unknown threat actor dubbed "TENSHO" or "White Tur". This actor has been active since at least 2017 and uses a variety of unique techniques and tools, which include weaponized documents, HTA and PowerShell scripts, Windows executables, and phishing pages that mimic governmental websites.\n\nAmong other tools, TENSHO uses the OpenHardwareMonitor open-source project, whose legitimate purpose is to monitor device temperature, fan speed, and other hardware health data. The threat actor spreads a malicious OpenHardwareMonitor package designed to deliver TENSHO's malware in the form of a PowerShell script or Windows binary.\n\nTo date, no ties have been discovered between this threat actor and any known APT group. TENSHO targets organizations inside Serbia and Republika Srpska (an entity in Bosnia and Herzegovina) indicating a very specific regional interest. Because many parties might be interested in targeting these regions, it is not easy to attribute the threat.\n\n## 7\\. PlexingEagle\n\nDuring the HITBSec 2017 conference in Amsterdam, Emmanuel Gadaix presented the discovery of a highly interesting GSM cyberespionage toolset, likely deployed by a very advanced threat actor, found during a routine security sweep in a client's systems.\n\n[![A Surprise Encounter With a Telco APT, by courtesy of Emmanuel Gadaix](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/10/06130131/TOP-_10_unattributed_APT_mysteries_04-1024x569.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/10/06130131/TOP-_10_unattributed_APT_mysteries_04.png>)\n\n**_[A Surprise Encounter With a Telco APT](<https://conference.hitb.org/hitbsecconf2017ams/materials/D2T4%20-%20Emmanuel%20Gadaix%20-%20A%20Surprise%20Encounter%20With%20a%20Telco%20APT.pdf>), by courtesy of Emmanuel Gadaix_**\n\nThe compromise was originally discovered by Gadaix' team on a Solaris 10 machine that was used by the actors as an operating base. From there, the attackers leveraged advanced knowledge of the GSM infrastructure and network to patch the functionality normally used by law enforcement for eavesdropping on phone calls in order to implement their own mechanisms for intercepting calls of interest. The malware used in the intrusion was written using LUA, a language we saw used by other advanced threat actors, such as the ones behind Flame and Project Sauron. In his presentation, Gadaix hints at a number of similarities between this case and the so-called "Athens Affair", the two being the only known cases of this threat actor actually being caught in the wild.\n\n## 8\\. SinSono\n\nIn May 2021, Syniverse, a telecom company that provides text message routing services to such carriers as At&T, Verizon, T-Mobile, and others, detected [unauthorized access to its IT systems](<https://www.theverge.com/2021/10/6/22713543/syniverse-hack-five-years-text-messages>). An internal investigation revealed that an unknown adversary first penetrated Syniverse's infrastructure in 2016. For five years they had acted undetected, accessed internal databases, and managed to compromise about 235 customers' login credentials for the company's Electronic Data Transfer (EDT) environment. Through these accounts, the threat actor could access highly sensitive consumer data, e.g., call records and the contents of text messages.\n\nWhile the company reset or inactivated credentials for all EDT customers, and contacted affected organizations, many questions remain: for instance, if the actor had actually stolen sensitive data or not. Although the company itself and some of the carriers relying on its services see no indicators of a major breach and no attempt to disrupt their processes, we know neither who the actor was nor what their goals were. Our analysis of the data related to the attack indicates a high degree of attention and care regarding operational security and ensuring that attribution is difficult.\n\n## 9\\. MagicScroll (aka AcidBox)\n\nMagicScroll is a sophisticated malicious framework that was [first detected](<https://unit42.paloaltonetworks.com/acidbox-rare-malware/>) by Palo Alto's Unit 42 in 2019. It is a type of multistage malware with only a few known samples and one known victim, located in Russia and attacked in 2017. The initial infection stage of MagicScroll is missing. The first known stage is a loader that was created as a [security support provider](<https://learn.microsoft.com/en-us/windows/win32/secauthn/custom-security-packages>), a DLL that usually provides certain security features, such as application authentication. MagicScroll abuses this functionality to achieve injection into the lsass.exe process and probably persistence as well.\n\nThe loader's main purpose is to decrypt and load the next-stage module, which is stored in the registry. This module exploits a VirtualBox driver vulnerability to load an unsigned malicious driver in kernel mode. According to Unit 42, the exploitation of this vulnerability was previously observed in [Turla](<https://securelist.com/tag/turla/>) operations, however there is no indication that the new actor has any links to that group. Unit 42 also found some loose similarities with [ProjectSauron](<https://securelist.com/faq-the-projectsauron-apt/75533/>), but they stated that these are too weak for considering the two campaigns linked. Neither have we found any ties between MagicScroll and any other known APTs.\n\n## 10\\. Metador\n\nThe Metador threat actor was [first publicly described](<https://www.sentinelone.com/labs/the-mystery-of-metador-an-unattributed-threat-hiding-in-telcos-isps-and-universities/>) by SentinelLabs in September 2022. It mainly targets ISPs, telecommunication companies, and universities in several countries in the Middle East and Africa; at least one of its victims has been attacked by nearly ten different APT groups.\n\nMetador operates two malware platforms dubbed "metaMain" and "Mafalda", which are deployed purely in memory. The metaMain platform is a feature-rich backdoor, which provides the threat actor with long-term access to the infected system. It can log keyboard and mouse events, make screenshots, download and upload files, and execute arbitrary shellcode.\n\nMafalda is a backdoor that is being actively developed. Its latest version was compiled with a timestamp of December 2021. It features a number of anti-analysis techniques and supports 67 commands, which is 13 more than in the previous version of the malware.\n\nApart from typical backdoor functionality, metaMain and Mafalda are capable of establishing connections to other (yet unknown) implants and exchange data with these. One of those implants is called "Cryshell" and acts as intermediate server between metaMain or Mafalda, and the C2. There are reasons to believe that unknown Linux implants exist that can send data collected from Linux machines to Mafalda.\n\nIt is yet to be established who the actor behind Metador is and what their goals are. The sophisticated malware designed to stay undetected for a long time suggests that this is a cyberespionage campaign by a high-end threat actor. At least some of the C2 responses are in Spanish, which may indicate that the actor or some of its developers speak Spanish. Also, some cultural references were found in Metador's malware, including British pop punk lyrics and Argentinian political cartoons. The diversity of traces makes it difficult to determine in which state's interests it operates\u2014if at all. One of the hypotheses is that the group is a high-end contractor.\n\n## Conclusion\n\nAdvanced threat actors use every possible means to stay undetected, and\u2014if caught\u2014unattributed. Every now and then, security researchers will reveal a mysterious campaign that has remained uncovered for years and that is nearly impossible to trace back to its benefactors with certitude. The ten stories described in this post are just some of the many unattributed mysteries we have seen through the years. That is why it is important to discuss them and share data on them within the cybersecurity community.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-07T10:00:47", "type": "securelist", "title": "TOP 10 unattributed APT mysteries", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21224", "CVE-2021-31955", "CVE-2021-31956"], "modified": "2022-10-07T10:00:47", "id": "SECURELIST:8BBBF7B71E6D52B912070367475B6567", "href": "https://securelist.com/top-10-unattributed-apt-mysteries/107676/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-15T08:32:02", "description": "![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/02/21111141/abstract_blur_code-990x400.jpg)\n\nOn April 14-15, 2021, Kaspersky technologies detected a wave of highly targeted attacks against multiple companies. Closer analysis revealed that all these attacks exploited a chain of Google Chrome and Microsoft Windows zero-day exploits. While we were not able to retrieve the exploit used for remote code execution (RCE) in the Chrome web browser, we were able to find and analyze an elevation of privilege (EoP) exploit that was used to escape the sandbox and obtain system privileges.\n\nThe elevation of privilege exploit was fine-tuned to work against the latest and most prominent builds of Windows 10 (17763 - RS5, 18362 - 19H1, 18363 - 19H2, 19041 - 20H1, 19042 - 20H2) and it exploits two distinct vulnerabilities in the Microsoft Windows OS kernel. On April 20, 2021, we reported these vulnerabilities to Microsoft and they assigned CVE-2021-31955 to the information disclosure vulnerability and CVE-2021-31956 to the elevation of privilege vulnerability. Both vulnerabilities were patched on June 8, 2021, as a part of the June Patch Tuesday.\n\n## Remote code execution exploit\n\nAll of the observed attacks were conducted through Chrome browser. Unfortunately, we were unable to retrieve the JavaScript with full exploit code, but the timeframe of attacks and events preceding it led us to suspect one particular vulnerability.\n\nOn April 6-8, 2021 the Pwn2Own competition took place. This is a computer hacking contest where the Google Chrome web browser was one of the targets. According to the ZDI (Zero Day Initiative, the organizer of Pwn2Own) [website](<https://www.zerodayinitiative.com/blog/2021/4/2/pwn2own-2021-schedule-and-live-results>), one participating team was able to demonstrate a successful exploitation of the Chrome renderer process using a Typer Mismatch bug.\n\nOn April 12, 2021, the developers of Chromium committed two (issue [1196683](<https://chromium-review.googlesource.com/c/v8/v8/+/2820971>), issue [1195777](<https://chromium-review.googlesource.com/c/v8/v8/+/2817791>)) Typer-related bug fixes to the open-source repository of V8 \u2013 a JavaScript engine used by Chrome and Chromium web browsers. One of these bug fixes (issue [1196683](<https://chromium-review.googlesource.com/c/v8/v8/+/2820971>)) was intended to patch a vulnerability that was used during Pwn2Own, and both bug fixes were committed together with regression tests \u2013 JavaScript files to trigger these vulnerabilities. Later on the same day, a user with the Twitter handle @r4j0x00 published a working remote code execution exploit on GitHub, targeting an up-to-date version of Google Chrome. That exploit used a vulnerability from issue [1196683](<https://chromium-review.googlesource.com/c/v8/v8/+/2820971>) to execute a shellcode in the context of the browser renderer process.\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/06/07122836/PuzzleMaker_attacks_01.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/06/07122836/PuzzleMaker_attacks_01.png>)\n\n**_Screenshot of tweet with Chrome zero-day published on April 12, 2021_**\n\nThe published exploit didn't contain a sandbox escape exploit and was therefore intended to work only when the browser was launched with the command line option _-no-sandbox_.\n\nOn April 13, 2021, Google released Chrome update 89.0.4389.128 for Windows, Mac and Linux with a fix for two vulnerabilities; CVE-2021-21220 (used during Pwn2Own) was one of them.\n\nSome of our customers who were attacked on April 14-15, 2021, already had their Chrome browser updated to 89.0.4389.128, and that's why we think the attackers didn't use CVE-2021-21220 in their attacks.\n\nOn April 14, 2021, Google released Chrome update 90.0.4430.72 for Windows, Mac and Linux with a fix for 37 vulnerabilities. On the same day, a new Chrome exploit was presented to the public.\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/06/07122912/PuzzleMaker_attacks_02.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/06/07122912/PuzzleMaker_attacks_02.png>)\n\n**_Screenshot of GitHub repository with Chrome zero-day published on April 14, 2021_**\n\nThis newly published exploit used a vulnerability from issue [1195777](<https://chromium-review.googlesource.com/c/v8/v8/+/2817791>), worked on the newly released Chrome 90.0.4430.72, and was fixed as CVE-2021-21224 only a few days later, on April 20, 2021.\n\nWe suspect the attackers were also able to use this JavaScript file with regression test to develop the exploit (or acquire it from someone else) and were probably using CVE-2021-21224 in their attacks.\n\n## Elevation of privilege exploit\n\nCVE-2021-31955 is an information disclosure vulnerability in ntoskrnl.exe. The vulnerability is affiliated with a Windows OS feature called SuperFetch. It was introduced in Windows Vista and is aimed to reduce software loading times by pre-loading commonly used applications into memory. For SuperFetch purposes the function _NtQuerySystemInformation_ implements a special system information class _SystemSuperfetchInformation_. This system information class incorporates more than a dozen of different SuperFetch information classes. The vulnerability lies in the fact that data returned by the _NtQuerySystemInformation_ function for the SuperFetch information class _SuperfetchPrivSourceQuery_ contains EPROCESS kernel addresses for currently executed processes.\n\nIt's noteworthy that this vulnerability can be observed in code that was available on [GitHub](<https://github.com/zodiacon/WindowsInternals/blob/master/MemInfo/MemInfo.cpp>) for a few years before we caught it in the wild and Microsoft patched it.\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/06/07122949/PuzzleMaker_attacks_03.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/06/07122949/PuzzleMaker_attacks_03.png>)\n\n**_CVE-2021-31955 can be observed in the source code of the MemInfo utility_**\n\nThe other vulnerability, CVE-2021-31956, is a heap-based buffer overflow in ntfs.sys. The function _NtfsQueryEaUserEaList_ processes a list of extended attributes for the file and stores the retrieved values to buffer. This function is accessible via _ntoskrnl_ syscall and among other things it's possible to control the size of the output buffer. If the size of the extended attribute is not aligned, the function will calculate a padding and the next extended attribute will be stored 32-bit aligned. The code checks if the output buffer is long enough to fit the extended attribute with padding, but it doesn't check for possible integer-underflow. As a result, a heap-based buffer overflow can happen.\n \n \n for ( cur_ea_list_entry = ea_list; ; cur_ea_list_entry = next_ea_list_entry )\n {\n ...\n \n out_buf_pos = (DWORD *)(out_buf + padding + occupied_length);\n \n if ( NtfsLocateEaByName(eas_blocks_for_file, eas_blocks_size, &name, &ea_block_pos) )\n {\n \tea_block = eas_blocks_for_file + ea_block_pos;\n \tea_block_size = ea_block->DataLength + ea_block->NameLength + 9;\n \tif ( ea_block_size <= out_buf_length - padding ) // integer-underflow is possible\n \t{\n \tmemmove(out_buf_pos, (const void *)ea_block, ea_block_size); // heap buffer overflow\n \t*out_buf_pos = 0;\n \t}\n }\n else\n {\n \t...\n }\n \n ...\n \n occupied_length += ea_block_size + padding;\n out_buf_length -= ea_block_size + padding;\n padding = ((ea_block_size + 3) & 0xFFFFFFFC) - ea_block_size;\n \n ...\n }\n\n**_Pseudo-code for vulnerable code in function NtfsQueryEaUserEaList_**\n\nThe exploit uses CVE-2021-31956 along with Windows Notification Facility (WNF) to create arbitrary memory read and write primitives. We are planning to publish more information about this technique in the future.\n\nAs the exploit uses CVE-2021-31955 to get the kernel address of the EPROCESS structure, it is able to use the common post exploitation technique to steal SYSTEM token. However, the exploit uses a rarely used "PreviousMode" technique instead. We have seen this technique used by the CHAINSHOT framework and even made a [presentation](<https://github.com/oct0xor/presentations/blob/master/2019-02-Overview%20of%20the%20latest%20Windows%20OS%20kernel%20exploits%20found%20in%20the%20wild.pdf>) about it at CanSecWest/BlueHat in 2019. The exploit uses this technique to inject a malware module into the system process and execute it.\n\n## Malware modules\n\nBesides the aforementioned exploits, the full attack chain consists of four additional malware modules, which will be referred to as:\n\n * Stager\n * Dropper\n * Service\n * Remote shell\n\nThe stager module is used to notify that exploitation was successful. It also downloads and executes a more complex malware dropper module from a remote server. Each stager module is delivered to the victim with a personalized configuration blob that defines the C&C URL, Session ID, keys to decrypt the next stage of malware, and other information.\n\nAll the stager module samples that we've discovered so far were configured to use the same URL address \u2013 hxxps://p{removed}/metrika_upload/index.php \u2013 to download the encrypted malware dropper module.\n\nWe believe there is a chance that the remote code execution JavaScript exploit was also hosted on the same legitimate-looking geopolitical news portal, but we found no evidence of a classic watering hole attack. The victimology suggests a highly targeted delivery of exploits.\n\nThe dropper module is used to install two executables that pretend to be legitimate files belonging to Microsoft Windows OS. One of these files (%SYSTEM%\\WmiPrvMon.exe) is registered as a service and is used as a launcher for the second executable. This second executable (%SYSTEM%\\wmimon.dll) has the functionality of a remote shell and can be considered the main payload of the attack. We couldn't find any similarities between this and other known malware.\n\nThe remote shell module has a hardcoded URL of the C&C server inside (media-seoengine[.]com). All the communication between C&C server and client is authorized and encrypted. The remote shell module is able to download and upload files, create processes, sleep for specified amounts of time and delete itself from the compromised machine.\n\nNone of the artifacts we analyzed appear to have strong connections to any known threat actors. The only similarity to CHAINSHOT we observed is the "PreviousMode" technique, although this is publicly known and may be used by various groups. We are calling the threat actor behind these attacks PuzzleMaker.\n\nKaspersky products detect this exploit and malware modules with the verdicts:\n\n * PDM:Exploit.Win32.Generic\n * PDM:Trojan.Win32.Generic\n * UDS:DangerousObject.Multi.Generic\n\nKaspersky products detected these attacks with the help of the Behavioral Detection Engine and the Exploit Prevention component. Over the past few years, we have built a multitude of exploit protection technologies into our products that have detected many zero-days, repeatedly proving their effectiveness. We will continue to improve defenses for our users by enhancing technologies and working with third-party vendors to patch vulnerabilities, making the internet more secure for everyone.\n\nMore information about these attacks and the actor behind them is available to customers of the Kaspersky Intelligence Reporting service. Contact: intelreports@kaspersky.com.\n\nKaspersky would like to thank Microsoft for their prompt analysis of the report and patches.\n\n## IoCs\n\nmedia-seoengine[.]com\n\n**%SYSTEM%\\WmiPrvMon.exe**\n\nMD5 [09A5055DB44FC1C9E3ADD608EFFF038C](<https://opentip.kaspersky.com/09A5055DB44FC1C9E3ADD608EFFF038C/>) \nSHA-1 [BFFA4462901B74DBFBFFAA3A3DB27DAA61211412](<https://opentip.kaspersky.com/BFFA4462901B74DBFBFFAA3A3DB27DAA61211412/>) \nSHA-256 [982F7C4700C75B81833D5D59AD29147C392B20C760FE36B200B541A0F841C8A9](<https://opentip.kaspersky.com/982F7C4700C75B81833D5D59AD29147C392B20C760FE36B200B541A0F841C8A9/>)\n\n**%SYSTEM%\\wmimon.dll**\n\nMD5 [D6B850C950379D5EE0F254F7164833E8](<https://opentip.kaspersky.com/D6B850C950379D5EE0F254F7164833E8/>) \nSHA-1 [E63ED3B56A5F9A1EA5C92D3D2444196EA13BE94B](<https://opentip.kaspersky.com/E63ED3B56A5F9A1EA5C92D3D2444196EA13BE94B/>) \nSHA-256 [8A17279BA26C8FBE6966EA3300FDEFB1ADAE1B3ED68F76A7FC81413BD8C1A5F6](<https://opentip.kaspersky.com/8A17279BA26C8FBE6966EA3300FDEFB1ADAE1B3ED68F76A7FC81413BD8C1A5F6/>)", "cvss3": {}, "published": "2021-06-08T17:32:30", "type": "securelist", "title": "PuzzleMaker attacks with Chrome zero-day exploit chain", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2021-21220", "CVE-2021-21224", "CVE-2021-31955", "CVE-2021-31956"], "modified": "2021-06-08T17:32:30", "id": "SECURELIST:8E9198BF0E389572981DD1AA05D0708A", "href": "https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-11T14:46:28", "description": "The version of Google Chrome installed on the remote macOS host is prior to 90.0.4430.85. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop_20 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-20T00:00:00", "type": "nessus", "title": "Google Chrome < 90.0.4430.85 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_90_0_4430_85.NASL", "href": "https://www.tenable.com/plugins/nessus/148849", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148849);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2021-21222\",\n \"CVE-2021-21223\",\n \"CVE-2021-21224\",\n \"CVE-2021-21225\",\n \"CVE-2021-21226\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0187-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Google Chrome < 90.0.4430.85 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 90.0.4430.85. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop_20 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?70d7f7db\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1194046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1197904\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 90.0.4430.85 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'90.0.4430.85', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:47:37", "description": "Chrome Reelases reports :\n\nThis release includes 7 security fixes, including :\n\n- 1194046] High CVE-2021-21222: Heap buffer overflow in V8. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-03-30\n\n- [1195308] High CVE-2021-21223: Integer overflow in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-04-02\n\n- [1195777] High CVE-2021-21224: Type Confusion in V8. Reported by Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-05\n\n- [1195977] High CVE-2021-21225: Out of bounds memory access in V8.\nReported by Brendon Tiszka (@btiszka) supporting the EFF on 2021-04-05\n\n- [1197904] High CVE-2021-21226: Use after free in navigation.\nReported by Brendon Tiszka (@btiszka) supporting the EFF on 2021-04-11", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-22T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (cb13a765-a277-11eb-97a0-e09467587c17)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_CB13A765A27711EB97A0E09467587C17.NASL", "href": "https://www.tenable.com/plugins/nessus/148931", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148931);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2021-21222\", \"CVE-2021-21223\", \"CVE-2021-21224\", \"CVE-2021-21225\", \"CVE-2021-21226\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (cb13a765-a277-11eb-97a0-e09467587c17)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Reelases reports :\n\nThis release includes 7 security fixes, including :\n\n- 1194046] High CVE-2021-21222: Heap buffer overflow in V8. Reported\nby Guang Gong of Alpha Lab, Qihoo 360 on 2021-03-30\n\n- [1195308] High CVE-2021-21223: Integer overflow in Mojo. Reported by\nGuang Gong of Alpha Lab, Qihoo 360 on 2021-04-02\n\n- [1195777] High CVE-2021-21224: Type Confusion in V8. Reported by\nJose Martinez (tr0y4) from VerSprite Inc. on 2021-04-05\n\n- [1195977] High CVE-2021-21225: Out of bounds memory access in V8.\nReported by Brendon Tiszka (@btiszka) supporting the EFF on 2021-04-05\n\n- [1197904] High CVE-2021-21226: Use after free in navigation.\nReported by Brendon Tiszka (@btiszka) supporting the EFF on 2021-04-11\"\n );\n # https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?70d7f7db\"\n );\n # https://vuxml.freebsd.org/freebsd/cb13a765-a277-11eb-97a0-e09467587c17.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?be54099d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21226\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<90.0.4430.85\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:46:48", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.46. It is, therefore, affected by multiple vulnerabilities as referenced in the April 22, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-22T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 90.0.818.46 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_90_0_818_46.NASL", "href": "https://www.tenable.com/plugins/nessus/148939", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148939);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2021-21222\",\n \"CVE-2021-21223\",\n \"CVE-2021-21224\",\n \"CVE-2021-21225\",\n \"CVE-2021-21226\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 90.0.818.46 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.46. It is, therefore, affected\nby multiple vulnerabilities as referenced in the April 22, 2021 advisory. Note that Nessus has not tested for this issue\nbut has instead relied only on the application's self-reported version number.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#april-22-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0027f192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21226\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 90.0.818.46 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '90.0.818.46' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:47:35", "description": "The version of Google Chrome installed on the remote Windows host is prior to 90.0.4430.85. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop_20 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-20T00:00:00", "type": "nessus", "title": "Google Chrome < 90.0.4430.85 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_90_0_4430_85.NASL", "href": "https://www.tenable.com/plugins/nessus/148848", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148848);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2021-21222\",\n \"CVE-2021-21223\",\n \"CVE-2021-21224\",\n \"CVE-2021-21225\",\n \"CVE-2021-21226\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0187-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Google Chrome < 90.0.4430.85 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 90.0.4430.85. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop_20 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?70d7f7db\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1194046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1197904\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 90.0.4430.85 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'90.0.4430.85', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:48:38", "description": "This update for opera fixes the following issues :\n\nUpdate to version 76.0.4017.94\n\n - released on the stable branch\n\nUpdate to version 76.0.4017.88\n\n - CHR-8404 Update chromium on desktop-stable-90-4017 to 90.0.4430.85\n\n - DNA-92219 Add bookmark API supports to the front-end\n\n - DNA-92409 [MAC] ‘Present now’ options windows appear behind detached window\n\n - DNA-92615 Capture tab from the tab context menu\n\n - DNA-92616 Capture tab from Snapshot\n\n - DNA-92617 Capture tab from image context menu\n\n - DNA-92652 Opera 76 translations\n\n - DNA-92680 Make image selector on any page work like bookmarks popup WP2\n\n - DNA-92707 Crash at void base::ObserverList::AddObserver(class content::PrerenderHost::Observer*)\n\n - DNA-92710 Autoupdate on macOS 11.3 not working\n\n - DNA-92711 Make image selector on any page work like bookmarks popup WP3\n\n - DNA-92730 Make image selector on any page work like bookmarks popup WP4\n\n - DNA-92761 Make image selector on any page work like bookmarks popup WP5\n\n - DNA-92776 Make image selector on any page work like bookmarks popup WP6\n\n - DNA-92862 Make “View pinboards” button work\n\n - DNA-92906 Provide in-house translations for Cashback strings to Spanish\n\n - DNA-92908 API collides with oneclick installer\n\n - The update to chromium 90.0.4430.85 fixes following issues :\n\n - CVE-2021-21222, CVE-2021-21223, CVE-2021-21224, CVE-2021-21225, CVE-2021-21226\n\n - Complete Opera 76.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-76/\n\nUpdate to version 75.0.3969.218\n\n - CHR-8393 Update chromium on desktop-stable-89-3969 to 89.0.4389.128\n\n - DNA-92113 Windows debug fails to compile opera_components/ipfs/ipfs/ipfs_url_loader_throttle.obj\n\n - DNA-92198 [Arm] Update signing scripts\n\n - DNA-92200 [Arm] Create universal packages from two buildsets\n\n - DNA-92338 [Search tabs] The preview isn’t updated when the tab from another window is closed\n\n - DNA-92410 [Download popup] Selected item still looks bad in dark mode\n\n - DNA-92441 Compilation error\n\n - DNA-92514 Allow to generate universal DMG package from existing universal .tar.xz\n\n - DNA-92608 Opera 75 crash during rapid workspace switching\n\n - DNA-92627 Crash at automation::Error::code()\n\n - DNA-92630 Crash at opera::PremiumExtensionPersistentPrefStorageImpl::IsPrem iumExtensionFeatureEnabled()\n\n - DNA-92648 Amazon icon disappears from Sidebar Extensions section after pressing Hide Amazon button\n\n - DNA-92681 Add missing string in Japanese\n\n - DNA-92684 Fix issues with signing multiple bsids\n\n - DNA-92706 Update repack generation from universal packages\n\n - DNA-92725 Enable IPFS for all channels\n\n - The update to chromium 89.0.4389.128 fixes following issues: CVE-2021-21206, CVE-2021-21220", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-06-01T00:00:00", "type": "nessus", "title": "openSUSE Security Update : opera (openSUSE-2021-712)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-712.NASL", "href": "https://www.tenable.com/plugins/nessus/150103", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-712.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150103);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2021-21206\", \"CVE-2021-21220\", \"CVE-2021-21222\", \"CVE-2021-21223\", \"CVE-2021-21224\", \"CVE-2021-21225\", \"CVE-2021-21226\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE Security Update : opera (openSUSE-2021-712)\");\n script_summary(english:\"Check for the openSUSE-2021-712 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for opera fixes the following issues :\n\nUpdate to version 76.0.4017.94\n\n - released on the stable branch\n\nUpdate to version 76.0.4017.88\n\n - CHR-8404 Update chromium on desktop-stable-90-4017 to\n 90.0.4430.85\n\n - DNA-92219 Add bookmark API supports to the front-end\n\n - DNA-92409 [MAC] ‘Present now’ options\n windows appear behind detached window\n\n - DNA-92615 Capture tab from the tab context menu\n\n - DNA-92616 Capture tab from Snapshot\n\n - DNA-92617 Capture tab from image context menu\n\n - DNA-92652 Opera 76 translations\n\n - DNA-92680 Make image selector on any page work like\n bookmarks popup WP2\n\n - DNA-92707 Crash at void\n base::ObserverList::AddObserver(class\n content::PrerenderHost::Observer*)\n\n - DNA-92710 Autoupdate on macOS 11.3 not working\n\n - DNA-92711 Make image selector on any page work like\n bookmarks popup WP3\n\n - DNA-92730 Make image selector on any page work like\n bookmarks popup WP4\n\n - DNA-92761 Make image selector on any page work like\n bookmarks popup WP5\n\n - DNA-92776 Make image selector on any page work like\n bookmarks popup WP6\n\n - DNA-92862 Make “View pinboards” button work\n\n - DNA-92906 Provide in-house translations for Cashback\n strings to Spanish\n\n - DNA-92908 API collides with oneclick installer\n\n - The update to chromium 90.0.4430.85 fixes following\n issues :\n\n - CVE-2021-21222, CVE-2021-21223, CVE-2021-21224,\n CVE-2021-21225, CVE-2021-21226\n\n - Complete Opera 76.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-76/\n\nUpdate to version 75.0.3969.218\n\n - CHR-8393 Update chromium on desktop-stable-89-3969 to\n 89.0.4389.128\n\n - DNA-92113 Windows debug fails to compile\n opera_components/ipfs/ipfs/ipfs_url_loader_throttle.obj\n\n - DNA-92198 [Arm] Update signing scripts\n\n - DNA-92200 [Arm] Create universal packages from two\n buildsets\n\n - DNA-92338 [Search tabs] The preview isn’t updated\n when the tab from another window is closed\n\n - DNA-92410 [Download popup] Selected item still looks bad\n in dark mode\n\n - DNA-92441 Compilation error\n\n - DNA-92514 Allow to generate universal DMG package from\n existing universal .tar.xz\n\n - DNA-92608 Opera 75 crash during rapid workspace\n switching\n\n - DNA-92627 Crash at automation::Error::code()\n\n - DNA-92630 Crash at\n opera::PremiumExtensionPersistentPrefStorageImpl::IsPrem\n iumExtensionFeatureEnabled()\n\n - DNA-92648 Amazon icon disappears from Sidebar Extensions\n section after pressing Hide Amazon button\n\n - DNA-92681 Add missing string in Japanese\n\n - DNA-92684 Fix issues with signing multiple bsids\n\n - DNA-92706 Update repack generation from universal\n packages\n\n - DNA-92725 Enable IPFS for all channels\n\n - The update to chromium 89.0.4389.128 fixes following\n issues: CVE-2021-21206, CVE-2021-21220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.opera.com/desktop/changelog-for-76/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"opera-76.0.4017.94-lp152.2.43.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:47:29", "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\n - CVE-2021-21201 Gengming Liu and Jianyu Chen discovered a use-after-free issue.\n\n - CVE-2021-21202 David Erceg discovered a use-after-free issue in extensions.\n\n - CVE-2021-21203 asnine discovered a use-after-free issue in Blink/Webkit.\n\n - CVE-2021-21204 Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander discovered a use-after-free issue in Blink/Webkit.\n\n - CVE-2021-21205 Alison Huffman discovered a policy enforcement error.\n\n - CVE-2021-21207 koocola and Nan Wang discovered a use-after-free in the indexed database.\n\n - CVE-2021-21208 Ahmed Elsobky discovered a data validation error in the QR code scanner.\n\n - CVE-2021-21209 Tom Van Goethem discovered an implementation error in the Storage API.\n\n - CVE-2021-21210 @bananabr discovered an error in the networking implementation.\n\n - CVE-2021-21211 Akash Labade discovered an error in the navigation implementation.\n\n - CVE-2021-21212 Hugo Hue and Sze Yui Chau discovered an error in the network configuration user interface.\n\n - CVE-2021-21213 raven discovered a use-after-free issue in the WebMIDI implementation.\n\n - CVE-2021-21214 A use-after-free issue was discovered in the networking implementation.\n\n - CVE-2021-21215 Abdulrahman Alqabandi discovered an error in the Autofill feature.\n\n - CVE-2021-21216 Abdulrahman Alqabandi discovered an error in the Autofill feature.\n\n - CVE-2021-21217 Zhou Aiting discovered use of uninitialized memory in the pdfium library.\n\n - CVE-2021-21218 Zhou Aiting discovered use of uninitialized memory in the pdfium library.\n\n - CVE-2021-21219 Zhou Aiting discovered use of uninitialized memory in the pdfium library.\n\n - CVE-2021-21221 Guang Gong discovered insufficient validation of untrusted input.\n\n - CVE-2021-21222 Guang Gong discovered a buffer overflow issue in the v8 JavaScript library.\n\n - CVE-2021-21223 Guang Gong discovered an integer overflow issue.\n\n - CVE-2021-21224 Jose Martinez discovered a type error in the v8 JavaScript library.\n\n - CVE-2021-21225 Brendon Tiszka discovered an out-of-bounds memory access issue in the v8 JavaScript library.\n\n - CVE-2021-21226 Brendon Tiszka discovered a use-after-free issue in the networking implementation.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-29T00:00:00", "type": "nessus", "title": "Debian DSA-4906-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4906.NASL", "href": "https://www.tenable.com/plugins/nessus/149082", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4906. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149082);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2021-21201\", \"CVE-2021-21202\", \"CVE-2021-21203\", \"CVE-2021-21204\", \"CVE-2021-21205\", \"CVE-2021-21207\", \"CVE-2021-21208\", \"CVE-2021-21209\", \"CVE-2021-21210\", \"CVE-2021-21211\", \"CVE-2021-21212\", \"CVE-2021-21213\", \"CVE-2021-21214\", \"CVE-2021-21215\", \"CVE-2021-21216\", \"CVE-2021-21217\", \"CVE-2021-21218\", \"CVE-2021-21219\", \"CVE-2021-21221\", \"CVE-2021-21222\", \"CVE-2021-21223\", \"CVE-2021-21224\", \"CVE-2021-21225\", \"CVE-2021-21226\");\n script_xref(name:\"DSA\", value:\"4906\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Debian DSA-4906-1 : chromium - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2021-21201\n Gengming Liu and Jianyu Chen discovered a use-after-free\n issue.\n\n - CVE-2021-21202\n David Erceg discovered a use-after-free issue in\n extensions.\n\n - CVE-2021-21203\n asnine discovered a use-after-free issue in\n Blink/Webkit.\n\n - CVE-2021-21204\n Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander\n discovered a use-after-free issue in Blink/Webkit.\n\n - CVE-2021-21205\n Alison Huffman discovered a policy enforcement error.\n\n - CVE-2021-21207\n koocola and Nan Wang discovered a use-after-free in the\n indexed database.\n\n - CVE-2021-21208\n Ahmed Elsobky discovered a data validation error in the\n QR code scanner.\n\n - CVE-2021-21209\n Tom Van Goethem discovered an implementation error in\n the Storage API.\n\n - CVE-2021-21210\n @bananabr discovered an error in the networking\n implementation.\n\n - CVE-2021-21211\n Akash Labade discovered an error in the navigation\n implementation.\n\n - CVE-2021-21212\n Hugo Hue and Sze Yui Chau discovered an error in the\n network configuration user interface.\n\n - CVE-2021-21213\n raven discovered a use-after-free issue in the WebMIDI\n implementation.\n\n - CVE-2021-21214\n A use-after-free issue was discovered in the networking\n implementation.\n\n - CVE-2021-21215\n Abdulrahman Alqabandi discovered an error in the\n Autofill feature.\n\n - CVE-2021-21216\n Abdulrahman Alqabandi discovered an error in the\n Autofill feature.\n\n - CVE-2021-21217\n Zhou Aiting discovered use of uninitialized memory in\n the pdfium library.\n\n - CVE-2021-21218\n Zhou Aiting discovered use of uninitialized memory in\n the pdfium library.\n\n - CVE-2021-21219\n Zhou Aiting discovered use of uninitialized memory in\n the pdfium library.\n\n - CVE-2021-21221\n Guang Gong discovered insufficient validation of\n untrusted input.\n\n - CVE-2021-21222\n Guang Gong discovered a buffer overflow issue in the v8\n JavaScript library.\n\n - CVE-2021-21223\n Guang Gong discovered an integer overflow issue.\n\n - CVE-2021-21224\n Jose Martinez discovered a type error in the v8\n JavaScript library.\n\n - CVE-2021-21225\n Brendon Tiszka discovered an out-of-bounds memory access\n issue in the v8 JavaScript library.\n\n - CVE-2021-21226\n Brendon Tiszka discovered a use-after-free issue in the\n networking implementation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21201\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21203\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021/dsa-4906\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 90.0.4430.85-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"chromium\", reference:\"90.0.4430.85-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-common\", reference:\"90.0.4430.85-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-driver\", reference:\"90.0.4430.85-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-l10n\", reference:\"90.0.4430.85-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-sandbox\", reference:\"90.0.4430.85-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-shell\", reference:\"90.0.4430.85-1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:48:38", "description": "This update for chromium fixes the following issues :\n\n - Chromium was updated to 90.0.4430.93 (boo#1184764,boo#1185047,boo#1185398)\n\n - CVE-2021-21227: Insufficient data validation in V8. \n\n - CVE-2021-21232: Use after free in Dev Tools. \n\n - CVE-2021-21233: Heap buffer overflow in ANGLE.\n\n - CVE-2021-21228: Insufficient policy enforcement in extensions.\n\n - CVE-2021-21229: Incorrect security UI in downloads.\n\n - CVE-2021-21230: Type Confusion in V8. \n\n - CVE-2021-21231: Insufficient data validation in V8.\n\n - CVE-2021-21222: Heap buffer overflow in V8\n\n - CVE-2021-21223: Integer overflow in Mojo\n\n - CVE-2021-21224: Type Confusion in V8\n\n - CVE-2021-21225: Out of bounds memory access in V8\n\n - CVE-2021-21226: Use after free in navigation\n\n - CVE-2021-21201: Use after free in permissions\n\n - CVE-2021-21202: Use after free in extensions\n\n - CVE-2021-21203: Use after free in Blink\n\n - CVE-2021-21204: Use after free in Blink\n\n - CVE-2021-21205: Insufficient policy enforcement in navigation\n\n - CVE-2021-21221: Insufficient validation of untrusted input in Mojo\n\n - CVE-2021-21207: Use after free in IndexedDB\n\n - CVE-2021-21208: Insufficient data validation in QR scanner\n\n - CVE-2021-21209: Inappropriate implementation in storage\n\n - CVE-2021-21210: Inappropriate implementation in Network\n\n - CVE-2021-21211: Inappropriate implementation in Navigatio \n\n - CVE-2021-21212: Incorrect security UI in Network Config UI\n\n - CVE-2021-21213: Use after free in WebMIDI", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-05-18T00:00:00", "type": "nessus", "title": "openSUSE Security Update : Chromium (openSUSE-2021-629)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226", "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-629.NASL", "href": "https://www.tenable.com/plugins/nessus/149603", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-629.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149603);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2021-21201\",\n \"CVE-2021-21202\",\n \"CVE-2021-21203\",\n \"CVE-2021-21204\",\n \"CVE-2021-21205\",\n \"CVE-2021-21207\",\n \"CVE-2021-21208\",\n \"CVE-2021-21209\",\n \"CVE-2021-21210\",\n \"CVE-2021-21211\",\n \"CVE-2021-21212\",\n \"CVE-2021-21213\",\n \"CVE-2021-21221\",\n \"CVE-2021-21222\",\n \"CVE-2021-21223\",\n \"CVE-2021-21224\",\n \"CVE-2021-21225\",\n \"CVE-2021-21226\",\n \"CVE-2021-21227\",\n \"CVE-2021-21228\",\n \"CVE-2021-21229\",\n \"CVE-2021-21230\",\n \"CVE-2021-21231\",\n \"CVE-2021-21232\",\n \"CVE-2021-21233\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2021-629)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for chromium fixes the following issues :\n\n - Chromium was updated to 90.0.4430.93\n (boo#1184764,boo#1185047,boo#1185398)\n\n - CVE-2021-21227: Insufficient data validation in V8. \n\n - CVE-2021-21232: Use after free in Dev Tools. \n\n - CVE-2021-21233: Heap buffer overflow in ANGLE.\n\n - CVE-2021-21228: Insufficient policy enforcement in\n extensions.\n\n - CVE-2021-21229: Incorrect security UI in downloads.\n\n - CVE-2021-21230: Type Confusion in V8. \n\n - CVE-2021-21231: Insufficient data validation in V8.\n\n - CVE-2021-21222: Heap buffer overflow in V8\n\n - CVE-2021-21223: Integer overflow in Mojo\n\n - CVE-2021-21224: Type Confusion in V8\n\n - CVE-2021-21225: Out of bounds memory access in V8\n\n - CVE-2021-21226: Use after free in navigation\n\n - CVE-2021-21201: Use after free in permissions\n\n - CVE-2021-21202: Use after free in extensions\n\n - CVE-2021-21203: Use after free in Blink\n\n - CVE-2021-21204: Use after free in Blink\n\n - CVE-2021-21205: Insufficient policy enforcement in\n navigation\n\n - CVE-2021-21221: Insufficient validation of untrusted\n input in Mojo\n\n - CVE-2021-21207: Use after free in IndexedDB\n\n - CVE-2021-21208: Insufficient data validation in QR\n scanner\n\n - CVE-2021-21209: Inappropriate implementation in storage\n\n - CVE-2021-21210: Inappropriate implementation in Network\n\n - CVE-2021-21211: Inappropriate implementation in\n Navigatio \n\n - CVE-2021-21212: Incorrect security UI in Network Config\n UI\n\n - CVE-2021-21213: Use after free in WebMIDI\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=11845047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1185398\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21233\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-90.0.4430.93-lp152.2.89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-debuginfo-90.0.4430.93-lp152.2.89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-90.0.4430.93-lp152.2.89.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-debuginfo-90.0.4430.93-lp152.2.89.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:49:22", "description": "The remote host is affected by the vulnerability described in GLSA-202104-08 (Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-05-03T00:00:00", "type": "nessus", "title": "GLSA-202104-08 : Chromium, Google Chrome: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21148", "CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157", "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-2119", "CVE-2021-21191", "CVE-2021-21192", "CVE-2021-21193", "CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199", "CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21206", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21220", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226", "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2022-12-07T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "p-cpe:/a:gentoo:linux:google-chrome", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202104-08.NASL", "href": "https://www.tenable.com/plugins/nessus/149223", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202104-08.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149223);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/07\");\n\n script_cve_id(\"CVE-2021-21142\", \"CVE-2021-21143\", \"CVE-2021-21144\", \"CVE-2021-21145\", \"CVE-2021-21146\", \"CVE-2021-21147\", \"CVE-2021-21148\", \"CVE-2021-21149\", \"CVE-2021-21150\", \"CVE-2021-21151\", \"CVE-2021-21152\", \"CVE-2021-21153\", \"CVE-2021-21154\", \"CVE-2021-21155\", \"CVE-2021-21156\", \"CVE-2021-21157\", \"CVE-2021-21159\", \"CVE-2021-21160\", \"CVE-2021-21161\", \"CVE-2021-21162\", \"CVE-2021-21163\", \"CVE-2021-21165\", \"CVE-2021-21166\", \"CVE-2021-21167\", \"CVE-2021-21168\", \"CVE-2021-21169\", \"CVE-2021-21170\", \"CVE-2021-21171\", \"CVE-2021-21172\", \"CVE-2021-21173\", \"CVE-2021-21174\", \"CVE-2021-21175\", \"CVE-2021-21176\", \"CVE-2021-21177\", \"CVE-2021-21178\", \"CVE-2021-21179\", \"CVE-2021-21180\", \"CVE-2021-21181\", \"CVE-2021-21182\", \"CVE-2021-21183\", \"CVE-2021-21184\", \"CVE-2021-21185\", \"CVE-2021-21186\", \"CVE-2021-21187\", \"CVE-2021-21188\", \"CVE-2021-21189\", \"CVE-2021-2119\", \"CVE-2021-21191\", \"CVE-2021-21192\", \"CVE-2021-21193\", \"CVE-2021-21194\", \"CVE-2021-21195\", \"CVE-2021-21196\", \"CVE-2021-21197\", \"CVE-2021-21198\", \"CVE-2021-21199\", \"CVE-2021-21201\", \"CVE-2021-21202\", \"CVE-2021-21203\", \"CVE-2021-21204\", \"CVE-2021-21205\", \"CVE-2021-21206\", \"CVE-2021-21207\", \"CVE-2021-21208\", \"CVE-2021-21209\", \"CVE-2021-21210\", \"CVE-2021-21211\", \"CVE-2021-21212\", \"CVE-2021-21213\", \"CVE-2021-21214\", \"CVE-2021-21215\", \"CVE-2021-21216\", \"CVE-2021-21217\", \"CVE-2021-21218\", \"CVE-2021-21219\", \"CVE-2021-21220\", \"CVE-2021-21221\", \"CVE-2021-21222\", \"CVE-2021-21223\", \"CVE-2021-21224\", \"CVE-2021-21225\", \"CVE-2021-21226\", \"CVE-2021-21227\", \"CVE-2021-21228\", \"CVE-2021-21229\", \"CVE-2021-21230\", \"CVE-2021-21231\", \"CVE-2021-21232\", \"CVE-2021-21233\");\n script_xref(name:\"GLSA\", value:\"202104-08\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0007\");\n\n script_name(english:\"GLSA-202104-08 : Chromium, Google Chrome: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202104-08\n(Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google\n Chrome. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202104-08\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-90.0.4430.93'\n All Google Chrome users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/google-chrome-90.0.4430.93'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21233\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 90.0.4430.93\"), vulnerable:make_list(\"lt 90.0.4430.93\"))) flag++;\nif (qpkg_check(package:\"www-client/google-chrome\", unaffected:make_list(\"ge 90.0.4430.93\"), vulnerable:make_list(\"lt 90.0.4430.93\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / Google Chrome\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:30", "description": "\n\nChrome Reelases reports:\n\nThis release includes 7 security fixes, including:\n\n1194046] High CVE-2021-21222: Heap buffer overflow in V8.\n\t Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-03-30\n[1195308] High CVE-2021-21223: Integer overflow in Mojo.\n\t Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-04-02\n[1195777] High CVE-2021-21224: Type Confusion in V8. Reported\n\t by Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-05\n[1195977] High CVE-2021-21225: Out of bounds memory access in\n\t V8. Reported by Brendon Tiszka (@btiszka) supporting the EFF on\n\t 2021-04-05\n[1197904] High CVE-2021-21226: Use after free in navigation.\n\t Reported by Brendon Tiszka (@btiszka) supporting the EFF on\n\t 2021-04-11\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-04-20T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2021-04-20T00:00:00", "id": "CB13A765-A277-11EB-97A0-E09467587C17", "href": "https://vuxml.freebsd.org/freebsd/cb13a765-a277-11eb-97a0-e09467587c17.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2021-07-28T14:33:54", "description": "Arch Linux Security Advisory ASA-202104-7\n=========================================\n\nSeverity: High\nDate : 2021-04-29\nCVE-ID : CVE-2021-21222 CVE-2021-21223 CVE-2021-21224 CVE-2021-21225\nCVE-2021-21226\nPackage : chromium\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1843\n\nSummary\n=======\n\nThe package chromium before version 90.0.4430.85-1 is vulnerable to\nmultiple issues including arbitrary code execution and sandbox escape.\n\nResolution\n==========\n\nUpgrade to 90.0.4430.85-1.\n\n# pacman -Syu \"chromium>=90.0.4430.85-1\"\n\nThe problems have been fixed upstream in version 90.0.4430.85.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-21222 (sandbox escape)\n\nHeap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85\nallowed a remote attacker who had compromised the renderer process to\nbypass site isolation via a crafted HTML page.\n\n- CVE-2021-21223 (sandbox escape)\n\nInteger overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed\na remote attacker who had compromised the renderer process to\npotentially perform a sandbox escape via a crafted HTML page.\n\n- CVE-2021-21224 (arbitrary code execution)\n\nType confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a\nremote attacker to execute arbitrary code inside a sandbox via a\ncrafted HTML page. Google is aware of reports that exploits for this\nissue exist in the wild.\n\n- CVE-2021-21225 (arbitrary code execution)\n\nOut of bounds memory access in V8 in Google Chrome prior to\n90.0.4430.85 allowed a remote attacker to potentially exploit heap\ncorruption via a crafted HTML page.\n\n- CVE-2021-21226 (sandbox escape)\n\nUse after free in navigation in Google Chrome prior to 90.0.4430.85\nallowed a remote attacker who had compromised the renderer process to\npotentially perform a sandbox escape via a crafted HTML page.\n\nImpact\n======\n\nAn attacker can escape the site isolation sandbox through a compromised\nrendered process. In addition, an attacker can execute arbitrary code\nand escape the sandbox through a crafted HTML page.\n\nReferences\n==========\n\nhttps://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html\nhttps://crbug.com/1194046\nhttps://crbug.com/1195308\nhttps://crbug.com/1195777\nhttps://crbug.com/1195977\nhttps://crbug.com/1197904\nhttps://security.archlinux.org/CVE-2021-21222\nhttps://security.archlinux.org/CVE-2021-21223\nhttps://security.archlinux.org/CVE-2021-21224\nhttps://security.archlinux.org/CVE-2021-21225\nhttps://security.archlinux.org/CVE-2021-21226", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-04-29T00:00:00", "type": "archlinux", "title": "[ASA-202104-7] chromium: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2021-04-29T00:00:00", "id": "ASA-202104-7", "href": "https://security.archlinux.org/ASA-202104-7", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:33:55", "description": "Arch Linux Security Advisory ASA-202104-5\n=========================================\n\nSeverity: High\nDate : 2021-04-29\nCVE-ID : CVE-2021-21201 CVE-2021-21202 CVE-2021-21203 CVE-2021-21207\nCVE-2021-21209 CVE-2021-21210 CVE-2021-21213 CVE-2021-21214\nCVE-2021-21215 CVE-2021-21216 CVE-2021-21217 CVE-2021-21218\nCVE-2021-21219 CVE-2021-21221 CVE-2021-21222 CVE-2021-21223\nCVE-2021-21224 CVE-2021-21225 CVE-2021-21226\nPackage : opera\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1840\n\nSummary\n=======\n\nThe package opera before version 76.0.4017.94-1 is vulnerable to\nmultiple issues including arbitrary code execution, information\ndisclosure, sandbox escape and content spoofing.\n\nResolution\n==========\n\nUpgrade to 76.0.4017.94-1.\n\n# pacman -Syu \"opera>=76.0.4017.94-1\"\n\nThe problems have been fixed upstream in version 76.0.4017.94.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-21201 (sandbox escape)\n\nUse after free in permissions in Google Chrome prior to 90.0.4430.72\nallowed a remote attacker who had compromised the renderer process to\npotentially perform a sandbox escape via a crafted HTML page.\n\n- CVE-2021-21202 (sandbox escape)\n\nUse after free in extensions in Google Chrome prior to 90.0.4430.72\nallowed an attacker who convinced a user to install a malicious\nextension to potentially perform a sandbox escape via a crafted Chrome\nExtension.\n\n- CVE-2021-21203 (arbitrary code execution)\n\nUse after free in Blink in Google Chrome prior to 90.0.4430.72 allowed\na remote attacker to potentially exploit heap corruption via a crafted\nHTML page.\n\n- CVE-2021-21207 (sandbox escape)\n\nUse after free in IndexedDB in Google Chrome prior to 90.0.4430.72\nallowed an attacker who convinced a user to install a malicious\nextension to potentially perform a sandbox escape via a crafted Chrome\nExtension.\n\n- CVE-2021-21209 (information disclosure)\n\nInappropriate implementation in storage in Google Chrome prior to\n90.0.4430.72 allowed a remote attacker to leak cross-origin data via a\ncrafted HTML page.\n\n- CVE-2021-21210 (information disclosure)\n\nInappropriate implementation in Network in Google Chrome prior to\n90.0.4430.72 allowed a remote attacker to potentially access local UDP\nports via a crafted HTML page.\n\n- CVE-2021-21213 (arbitrary code execution)\n\nUse after free in WebMIDI in Google Chrome prior to 90.0.4430.72\nallowed a remote attacker to potentially exploit heap corruption via a\ncrafted HTML page.\n\n- CVE-2021-21214 (arbitrary code execution)\n\nUse after free in Network API in Google Chrome prior to 90.0.4430.72\nallowed a remote attacker to potentially exploit heap corruption via a\ncrafted Chrome Extension.\n\n- CVE-2021-21215 (content spoofing)\n\nInappropriate implementation in Autofill in Google Chrome prior to\n90.0.4430.72 allowed a remote attacker to spoof security UI via a\ncrafted HTML page.\n\n- CVE-2021-21216 (content spoofing)\n\nInappropriate implementation in Autofill in Google Chrome prior to\n90.0.4430.72 allowed a remote attacker to spoof security UI via a\ncrafted HTML page.\n\n- CVE-2021-21217 (information disclosure)\n\nUninitialized data in PDFium in Google Chrome prior to 90.0.4430.72\nallowed a remote attacker to obtain potentially sensitive information\nfrom process memory via a crafted PDF file.\n\n- CVE-2021-21218 (information disclosure)\n\nUninitialized data in PDFium in Google Chrome prior to 90.0.4430.72\nallowed a remote attacker to obtain potentially sensitive information\nfrom process memory via a crafted PDF file.\n\n- CVE-2021-21219 (information disclosure)\n\nUninitialized data in PDFium in Google Chrome prior to 90.0.4430.72\nallowed a remote attacker to obtain potentially sensitive information\nfrom process memory via a crafted PDF file.\n\n- CVE-2021-21221 (information disclosure)\n\nInsufficient validation of untrusted input in Mojo in Google Chrome\nprior to 90.0.4430.72 allowed a remote attacker who had compromised the\nrenderer process to leak cross-origin data via a crafted HTML page.\n\n- CVE-2021-21222 (sandbox escape)\n\nHeap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85\nallowed a remote attacker who had compromised the renderer process to\nbypass site isolation via a crafted HTML page.\n\n- CVE-2021-21223 (sandbox escape)\n\nInteger overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed\na remote attacker who had compromised the renderer process to\npotentially perform a sandbox escape via a crafted HTML page.\n\n- CVE-2021-21224 (arbitrary code execution)\n\nType confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a\nremote attacker to execute arbitrary code inside a sandbox via a\ncrafted HTML page. Google is aware of reports that exploits for this\nissue exist in the wild.\n\n- CVE-2021-21225 (arbitrary code execution)\n\nOut of bounds memory access in V8 in Google Chrome prior to\n90.0.4430.85 allowed a remote attacker to potentially exploit heap\ncorruption via a crafted HTML page.\n\n- CVE-2021-21226 (sandbox escape)\n\nUse after free in navigation in Google Chrome prior to 90.0.4430.85\nallowed a remote attacker who had compromised the renderer process to\npotentially perform a sandbox escape via a crafted HTML page.\n\nImpact\n======\n\nAn attacker is able to break out of the sandbox, execute arbitrary\ncode, spoof content, read sensitive data, and bypass extension security\npolicies through various means.\n\nReferences\n==========\n\nhttps://blogs.opera.com/desktop/changelog-for-75/\nhttps://blogs.opera.com/desktop/changelog-for-76/\nhttps://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html\nhttps://crbug.com/1025683\nhttps://crbug.com/1188889\nhttps://crbug.com/1192054\nhttps://crbug.com/1185732\nhttps://crbug.com/1143526\nhttps://crbug.com/1184562\nhttps://crbug.com/1161806\nhttps://crbug.com/1170148\nhttps://crbug.com/1172533\nhttps://crbug.com/1173297\nhttps://crbug.com/1166462\nhttps://crbug.com/1166478\nhttps://crbug.com/1166972\nhttps://crbug.com/1195333\nhttps://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html\nhttps://crbug.com/1194046\nhttps://crbug.com/1195308\nhttps://crbug.com/1195777\nhttps://crbug.com/1195977\nhttps://crbug.com/1197904\nhttps://security.archlinux.org/CVE-2021-21201\nhttps://security.archlinux.org/CVE-2021-21202\nhttps://security.archlinux.org/CVE-2021-21203\nhttps://security.archlinux.org/CVE-2021-21207\nhttps://security.archlinux.org/CVE-2021-21209\nhttps://security.archlinux.org/CVE-2021-21210\nhttps://security.archlinux.org/CVE-2021-21213\nhttps://security.archlinux.org/CVE-2021-21214\nhttps://security.archlinux.org/CVE-2021-21215\nhttps://security.archlinux.org/CVE-2021-21216\nhttps://security.archlinux.org/CVE-2021-21217\nhttps://security.archlinux.org/CVE-2021-21218\nhttps://security.archlinux.org/CVE-2021-21219\nhttps://security.archlinux.org/CVE-2021-21221\nhttps://security.archlinux.org/CVE-2021-21222\nhttps://security.archlinux.org/CVE-2021-21223\nhttps://security.archlinux.org/CVE-2021-21224\nhttps://security.archlinux.org/CVE-2021-21225\nhttps://security.archlinux.org/CVE-2021-21226", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-04-29T00:00:00", "type": "archlinux", "title": "[ASA-202104-5] opera: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21207", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2021-04-29T00:00:00", "id": "ASA-202104-5", "href": "https://security.archlinux.org/ASA-202104-5", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "chrome": [{"lastseen": "2021-12-30T22:31:19", "description": "The Stable channel has been updated to 90.0.4430.85 for Windows, Mac and Linux which will roll out over the coming days/weeks.\n\n\nA full list of changes in this build is available in the [log](<https://chromium.googlesource.com/chromium/src/+log/90.0.4430.72..90.0.4430.85?pretty=fuller&n=10000>). Interested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\n**Security Fixes and Rewards**\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes [7](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-1-M90>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n** \n**\n\n[$TBD][[1194046](<https://crbug.com/1194046>)] High CVE-2021-21222: Heap buffer overflow in V8. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-03-30\n\n[$TBD][[1195308](<https://crbug.com/1195308>)] High CVE-2021-21223: Integer overflow in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-04-02\n\n[$TBD][[1195777](<https://crbug.com/1195777>)] High CVE-2021-21224: Type Confusion in V8. Reported by Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-05\n\n[$22000 + $22000][[1195977](<https://crbug.com/1195977>)] High CVE-2021-21225: Out of bounds memory access in V8. Reported by Brendon Tiszka (@btiszka) supporting the EFF on 2021-04-05\n\n[$27000 + $27000][[1197904](<https://crbug.com/1197904>)] High CVE-2021-21226: Use after free in navigation. Reported by Brendon Tiszka (@btiszka) supporting the EFF on 2021-04-11\n\n** \n**\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.\n\n** \n**\n\nGoogle is aware of reports that exploits for CVE-2021-21224 exist in the wild. \n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1200824](<https://crbug.com/1200824>)] Various fixes from internal audits, fuzzing and other initiatives\n\n\n\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\n\n\n\nSrinivas Sista\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-04-20T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2021-04-20T00:00:00", "id": "GCSA-1247606144415232205", "href": "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2023-03-28T17:35:53", "description": "### *Detect date*:\n04/22/2021\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option) \n[Microsoft Edge update settings](<https://support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1>)\n\n### *Original advisories*:\n[CVE-2021-21225](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21225>) \n[CVE-2021-21222](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21222>) \n[CVE-2021-21223](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21223>) \n[CVE-2021-21224](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21224>) \n[CVE-2021-21226](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21226>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2021-21226](<https://vulners.com/cve/CVE-2021-21226>)6.8High \n[CVE-2021-21223](<https://vulners.com/cve/CVE-2021-21223>)6.8High \n[CVE-2021-21225](<https://vulners.com/cve/CVE-2021-21225>)6.8High \n[CVE-2021-21222](<https://vulners.com/cve/CVE-2021-21222>)4.3Warning \n[CVE-2021-21224](<https://vulners.com/cve/CVE-2021-21224>)6.8High\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-22T00:00:00", "type": "kaspersky", "title": "KLA12153 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2023-03-28T00:00:00", "id": "KLA12153", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12153/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-08T15:47:04", "description": "### *Detect date*:\n04/20/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code.\n\n### *Affected products*:\nGoogle Chrome earlier than 90.0.4430.85\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2021-21226](<https://vulners.com/cve/CVE-2021-21226>)6.8High \n[CVE-2021-21223](<https://vulners.com/cve/CVE-2021-21223>)6.8High \n[CVE-2021-21225](<https://vulners.com/cve/CVE-2021-21225>)6.8High \n[CVE-2021-21222](<https://vulners.com/cve/CVE-2021-21222>)4.3Warning \n[CVE-2021-21224](<https://vulners.com/cve/CVE-2021-21224>)6.8High", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-20T00:00:00", "type": "kaspersky", "title": "KLA12147 Multiple vulnerabiltiies in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2021-05-27T00:00:00", "id": "KLA12147", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12147/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-11-06T17:58:45", "description": "An update that fixes 7 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Update to version 76.0.4017.94\n\n - released on the stable branch\n\n Update to version 76.0.4017.88\n\n - CHR-8404 Update chromium on desktop-stable-90-4017 to 90.0.4430.85\n - DNA-92219 Add bookmark API supports to the front-end\n - DNA-92409 [MAC] \ufffd\ufffd\ufffdPresent now\ufffd\ufffd\ufffd options windows appear behind\n detached window\n - DNA-92615 Capture tab from the tab context menu\n - DNA-92616 Capture tab from Snapshot\n - DNA-92617 Capture tab from image context menu\n - DNA-92652 Opera 76 translations\n - DNA-92680 Make image selector on any page work like bookmarks popup WP2\n - DNA-92707 Crash at void base::ObserverList::AddObserver(class\n content::PrerenderHost::Observer*)\n - DNA-92710 Autoupdate on macOS 11.3 not working\n - DNA-92711 Make image selector on any page work like bookmarks popup WP3\n - DNA-92730 Make image selector on any page work like bookmarks popup WP4\n - DNA-92761 Make image selector on any page work like bookmarks popup WP5\n - DNA-92776 Make image selector on any page work like bookmarks popup WP6\n - DNA-92862 Make \ufffd\ufffd\ufffdView pinboards\ufffd\ufffd\ufffd button work\n - DNA-92906 Provide in-house translations for Cashback strings to Spanish\n - DNA-92908 API collides with oneclick installer\n - The update to chromium 90.0.4430.85 fixes following issues:\n - CVE-2021-21222, CVE-2021-21223, CVE-2021-21224, CVE-2021-21225,\n CVE-2021-21226\n\n - Complete Opera 76.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-76/\n\n Update to version 75.0.3969.218\n\n - CHR-8393 Update chromium on desktop-stable-89-3969 to 89.0.4389.128\n - DNA-92113 Windows debug fails to compile\n opera_components/ipfs/ipfs/ipfs_url_loader_throttle.obj\n - DNA-92198 [Arm] Update signing scripts\n - DNA-92200 [Arm] Create universal packages from two buildsets\n - DNA-92338 [Search tabs] The preview isn\ufffd\ufffd\ufffdt updated when the tab from\n another window is closed\n - DNA-92410 [Download popup] Selected item still looks bad in dark mode\n - DNA-92441 Compilation error\n - DNA-92514 Allow to generate universal DMG package from existing\n universal .tar.xz\n - DNA-92608 Opera 75 crash during rapid workspace switching\n - DNA-92627 Crash at automation::Error::code()\n - DNA-92630 Crash at\n opera::PremiumExtensionPersistentPrefStorageImpl::IsPremiumExtensionFeature\n Enabled()\n - DNA-92648 Amazon icon disappears from Sidebar Extensions section after\n pressing Hide Amazon button\n - DNA-92681 Add missing string in Japanese\n - DNA-92684 Fix issues with signing multiple bsids\n - DNA-92706 Update repack generation from universal packages\n - DNA-92725 Enable IPFS for all channels\n\n - The update to chromium 89.0.4389.128 fixes following issues:\n CVE-2021-21206, CVE-2021-21220\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:NonFree:\n\n zypper in -t patch openSUSE-2021-712=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-05-11T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2021-05-11T00:00:00", "id": "OPENSUSE-SU-2021:0712-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UVVTKODULIJ72SWD273BSN4VWATWGOOD/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-10T02:12:05", "description": "An update that fixes 25 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n - Chromium was updated to 90.0.4430.93\n (boo#1184764,boo#1185047,boo#1185398)\n * CVE-2021-21227: Insufficient data validation in V8.\n * CVE-2021-21232: Use after free in Dev Tools.\n * CVE-2021-21233: Heap buffer overflow in ANGLE.\n * CVE-2021-21228: Insufficient policy enforcement in extensions.\n * CVE-2021-21229: Incorrect security UI in downloads.\n * CVE-2021-21230: Type Confusion in V8.\n * CVE-2021-21231: Insufficient data validation in V8.\n * CVE-2021-21222: Heap buffer overflow in V8\n * CVE-2021-21223: Integer overflow in Mojo\n * CVE-2021-21224: Type Confusion in V8\n * CVE-2021-21225: Out of bounds memory access in V8\n * CVE-2021-21226: Use after free in navigation\n * CVE-2021-21201: Use after free in permissions\n * CVE-2021-21202: Use after free in extensions\n * CVE-2021-21203: Use after free in Blink\n * CVE-2021-21204: Use after free in Blink\n * CVE-2021-21205: Insufficient policy enforcement in navigation\n * CVE-2021-21221: Insufficient validation of untrusted input in Mojo\n * CVE-2021-21207: Use after free in IndexedDB\n * CVE-2021-21208: Insufficient data validation in QR scanner\n * CVE-2021-21209: Inappropriate implementation in storage\n * CVE-2021-21210: Inappropriate implementation in Network\n * CVE-2021-21211: Inappropriate implementation in Navigatio\n * CVE-2021-21212: Incorrect security UI in Network Config UI\n * CVE-2021-21213: Use after free in WebMIDI\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-629=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-05-01T00:00:00", "type": "suse", "title": "Security update for Chromium (critical)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226", "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2021-05-01T00:00:00", "id": "OPENSUSE-SU-2021:0629-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2021-06-08T22:18:00", "description": "Microsoft jumped on 50 vulnerabilities in this month\u2019s [Patch Tuesday update](<https://msrc.microsoft.com/update-guide>), issuing fixes for CVEs in Microsoft Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge (Chromium-based and EdgeHTML), SharePoint Server, Hyper-V, Visual Studio Code \u2013 Kubernetes Tools, Windows HTML Platform, and Windows Remote Desktop.\n\nFive of the CVEs are rated Critical and 45 are rated Important in severity. Microsoft reported that six of the bugs are currently under active attack, while three are publicly known at the time of release.\n\nThe number might seem light \u2013 it represents six fewer patches than Microsoft [released in May](<https://threatpost.com/wormable-windows-bug-dos-rce/166057/>) \u2013 but the number of critical vulnerabilities ticked up to five month-over-month.\n\n[![](https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg)](<https://threatpost.com/newsletter-sign/>)\n\nThose actively exploited vulnerabilities can enable an attacker to hijack a system. They have no workarounds, so some security experts are recommending that they be patched as the highest priority.\n\nThe six CVEs under active attack in the wild include four elevation of privilege vulnerabilities, one information disclosure vulnerability and one remote code execution (RCE) vulnerability.\n\n## Critical Bugs of Note\n\n[CVE-2021-31985](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31985>) is a critical RCE vulnerability in Microsoft\u2019s Defender antimalware software that should grab attention. A similar, critical bug in Defender was [patched in January](<https://threatpost.com/critical-microsoft-defender-bug-exploited/162992/>). The most serious of the year\u2019s first Patch Tuesday, that earlier Defender bug was an RCE vulnerability that came under active exploit.\n\nAnother critical flaw is [CVE-2021-31963](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31963>), a Microsoft SharePoint Server RCE vulnerability. Jay Goodman, director of product marketing at Automox, said in a [blog post](<https://blog.automox.com/automox-experts-weigh-in-june-patch-tuesday-2021>) that an attacker exploiting this vulnerability \u201ccould take control of a system where they would be free to install programs, view or change data, or create new accounts on the target system with full user rights.\u201d \nWhile Microsoft reports that this vulnerability is less likely to be exploited,Goodman suggested that organizations don\u2019t let it slide: \u201cPatching critical vulnerabilities in the 72-hour window before attackers can weaponize is an important first step to maintaining a safe and secure infrastructure,\u201d he observed.\n\n[![](https://media.threatpost.com/wp-content/uploads/sites/103/2021/06/08141612/Sophos-impact-chart-June-21-patch-Tuesday-e1623176186946.png)](<https://media.threatpost.com/wp-content/uploads/sites/103/2021/06/08141612/Sophos-impact-chart-June-21-patch-Tuesday-e1623176186946.png>)\n\nA year-to-date summary of 2021 Microsoft vulnerability releases as of June. Source: Sophos\n\n## Bugs Exploited in the Wild\n\nMicrosoft fixed a total of seven zero-day vulnerabilities. One was [CVE-2021-31968](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31968>), Windows Remote Desktop Services Denial of Service Vulnerability that was publicly disclosed but hasn\u2019t been seen in attacks. It was issued a CVSS score of 7.5.\n\nThese are the six flaws that MIcrosoft said are under active attack, all of them also zero days.\n\n * [CVE-2021-31955](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31955>) \u2013 Windows Kernel Information Disclosure Vulnerability. Rating: Important. CVSS 5.5\n * [CVE-2021-31956](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31956>) \u2013 Windows NTFS Elevation of Privilege Vulnerability. Rating: Important. CVSS 7.8\n * [CVE-2021-33739](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33739>) \u2013 Microsoft DWM Core Library Elevation of Privilege Vulnerability. Rating: Important. CVSS 8.4\n * [CVE-2021-33742](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33742>) \u2013 Windows MSHTML Platform Remote Code Execution Vulnerability. Rating: **Critical**. CVSS 7.5\n * [CVE-2021-31199](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31199>) \u2013 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. Rating: Important. CVSS 5.2\n * [CVE-2021-31201](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31201>) \u2013 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. Rating: Important. CVSS 5.2\n\n## CVE-2021-33742\n\nThis RCE vulnerability exploits MSHTML, a component used by the Internet Explorer engine to read and display content from websites.The bug could allow an attacker to execute code on a target system if a user views specially crafted web content. The [Zero Day Initiative](<https://www.zerodayinitiative.com/blog/2021/6/8/the-june-2021-security-update-review>)\u2018s (ZDI\u2019s) Dustin Childs noted in his Patch Tuesday analysis that since the vulnerability is in the Trident (MSHTML) engine itself, many different applications are affected, not just Internet Explorer. \u201cIt\u2019s not clear how widespread the active attacks are, but considering the vulnerability impacts all supported Windows versions, this should be at the top of your test and deploy list,\u201d he recommended.\n\nThe vulnerability doesn\u2019t require special privilege to exploit, though the attack complexity is high, if that\u2019s any consolation. An attacker would need to do some extra legwork to pull it off, noted Satnam Narang, staff research engineer at Tenable, in an email to Threatpost on Tuesday.\n\nImmersive Labs\u2019 Kevin Breen, director of cyber threat research, noted that visiting a website in a vulnerable browser is \u201ca simple way for attackers to deliver this exploit.\u201d He told Threatpost via email on Tuesday that since the library is used by other services and applications, \u201cemailing HTML files as part of a phishing campaign is also a viable method of delivery.\u201d\n\n[Sophos decreed](<https://news.sophos.com/en-us/2021/06/08/six-in-the-wild-exploits-patched-in-microsofts-june-security-fix-release/>) this one to be the top concern of this month\u2019s crop, given that it\u2019s already being actively exploited by malicious actors.\n\n## CVE-2021-31955, CVE-2021-31956: Used in PuzzleMaker Targeted Malware\n\nCVE-2021-31955 is an information disclosure vulnerability in the Windows Kernel, while CVE-2021-31956 is an elevation of privilege vulnerability in Windows NTFS. The ZDI\u2019s Childs noted that CVE-2021-31956 was reported by the same researcher who found CVE-2021-31955, an information disclosure bug also listed as under active attack. They could be linked, he suggested: \u201cIt\u2019s possible these bugs were used in conjunction, as that is a common technique \u2013 use a memory leak to get the address needed to escalate privileges. These bugs are important on their own and could be even worse when combined. Definitely prioritize the testing and deployment of these patches.\u201d\n\nHe was spot-on. On Tuesday, Kaspersky announced that its researchers had discovered a highly targeted malware campaign launched in April against multiple companies, in which a previously unknown threat actor used a chain of Chrome and Windows zero-day exploits: Namely, these two.\n\nIn a press release, Kaspersky said that one of the exploits was used for RCE in the Google Chrome web browser, while the other was an elevation of privilege exploit fine-tuned to target \u201cthe latest and most prominent builds\u201d of Windows 10.\n\n\u201cRecent months have seen a wave of advanced threat activity exploiting zero-days in the wild,\u201d according to the release. \u201cIn mid-April, Kaspersky experts discovered yet a new series of highly targeted exploit attacks against multiple companies that allowed the attackers to stealthily compromise the targeted networks.\u201d\n\nKaspersky hasn\u2019t yet found a connection between these attacks and any known threat actors, so it\u2019s gone ahead and dubbed the actor PuzzleMaker. It said that all the attacks were conducted through Chrome and used an exploit that allowed for RCE. Kaspersky researchers weren\u2019t able to retrieve the code for the exploit, but the timeline and availability suggests the attackers were using the now-patched [CVE-2021-21224](<https://www.cvedetails.com/cve/CVE-2021-21224>) vulnerability in Chrome and Chromium browsers that allows attackers to exploit the Chrome renderer process (the processes that are responsible for what happens inside users\u2019 tabs).\n\nKaspersky experts did find and analyze the second exploit, however: An elevation of privilege exploit that exploits two distinct vulnerabilities in the Microsoft Windows OS kernel: CVE-2021-31955 and CVE-2021-31956. The CVE-2021-31955 bug \u201cis affiliated with SuperFetch, a feature first introduced in Windows Vista that aims to reduce software loading times by pre-loading commonly used applications into memory,\u201d they explained.\n\nThe second flaw, CVE-2021-31956, is an Elevation of Privilege vulnerability and heap-based buffer overflow. Kaspersky said that attackers used this vulnerability alongside Windows Notification Facility (WNF) \u201cto create arbitrary memory read/write primitives and execute malware modules with system privileges.\u201d\n\n\u201cOnce the attackers have used both the Chrome and Windows exploits to gain a foothold in the targeted system, the stager module downloads and executes a more complex malware dropper from a remote server,\u201d they continued. \u201cThis dropper then installs two executables, which pretend to be legitimate files belonging to Microsoft Windows OS. The second of these two executables is a remote shell module, which is able to download and upload files, create processes, sleep for certain periods of time, and delete itself from the infected system.\u201d\n\nBoris Larin, senior security researcher with Kaspersky\u2019s Global Research and Analysis Team (GReAT), said that the team hasn\u2019t been able to link these highly targeted attacks to any known threat actor: Hence the name PuzzleMaker and the determination to closely monitor the security landscape \u201cfor future activity or new insights about this group,\u201d he was quoted as saying in the press release.\n\nIf the current trend is any indication, expect to see more of the same, Larin said. \u201cOverall, of late, we\u2019ve been seeing several waves of high-profile threat activity being driven by zero-day exploits,\u201d he said. \u201cIt\u2019s a reminder that zero days continue to be the most effective method for infecting targets. Now that these vulnerabilities have been made publicly known, it\u2019s possible that we\u2019ll see an increase of their usage in attacks by this and other threat actors. That means it\u2019s very important for users to download the latest patch from Microsoft as soon as possible.\u201d\n\n## CVE-2021-31199/CVE-2021-31201\n\nThe two Enhanced Cryptographic Provider Elevation of Privilege vulnerabilities are linked to the Adobe Reader bug that [came under active attack](<https://threatpost.com/adobe-zero-day-bug-acrobat-reader/166044/>) last month (CVE-2021-28550), ZDI explained. \u201cIt\u2019s common to see privilege escalation paired with code execution bugs, and it seems these two vulnerabilities were the privilege escalation part of those exploits,\u201d he explained. \u201cIt is a bit unusual to see a delay between patch availability between the different parts of an active attack, but good to see these holes now getting closed.\u201d\n\n## CVE-2021-33739\n\nBreen noted that privilege escalation vulnerabilities such as this one in the Microsoft DWM Core Library are just as valuable to attackers as RCEs. \u201cOnce they have gained an initial foothold, they can move laterally across the network and uncover further ways to escalate to system or domain-level access,\u201d he said. \u201cThis can be hugely damaging in the event of ransomware attacks, where high privileges can enable the attackers to stop or destroy backups and other security tools.\u201d\n\n**Download our exclusive FREE Threatpost Insider eBook, ****_\u201c_**[**_2021: The Evolution of Ransomware_**](<https://threatpost.com/ebooks/2021-the-evolution-of-ransomware/?utm_source=April_eBook&utm_medium=ART&utm_campaign=ART>)**_,\u201d_**** to help hone your cyber-defense strategies against this growing scourge. We go beyond the status quo to uncover what\u2019s next for ransomware and the related emerging risks. Get the whole story and **[**DOWNLOAD**](<https://threatpost.com/ebooks/2021-the-evolution-of-ransomware/?utm_source=April_eBook&utm_medium=ART&utm_campaign=ART>)** the eBook now \u2013 on us!**\n", "cvss3": {}, "published": "2021-06-08T21:45:12", "type": "threatpost", "title": "Microsoft Patch Tuesday Fixes 6 In-The-Wild Exploits", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-21224", "CVE-2021-28550", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31963", "CVE-2021-31968", "CVE-2021-31985", "CVE-2021-33739", "CVE-2021-33742"], "modified": "2021-06-08T21:45:12", "id": "THREATPOST:61CC1EAC83030C2B053946454FE77AC3", "href": "https://threatpost.com/microsoft-patch-tuesday-in-the-wild-exploits/166724/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-30T16:18:23", "description": "Google has updated its Stable channel for the desktop version of Chrome, to address a zero-day security vulnerability that\u2019s being actively exploited in the wild.\n\nThe bug, tracked as CVE-2022-1096, is a type-confusion issue in the V8 JavaScript engine, which is an open-source engine used by Chrome and Chromium-based web browsers. Type confusion, as Microsoft has [laid out](<https://www.microsoft.com/security/blog/2015/06/17/understanding-type-confusion-vulnerabilities-cve-2015-0336/>) in the past, occurs \u201cwhen a piece of code doesn\u2019t verify the type of object that is passed to it, and uses it blindly without type-checking, it leads to type confusion\u2026Also with type confusion, wrong function pointers or data are fed into the wrong piece of code. In some circumstances this can lead to code execution.\u201d\n\nGoogle didn\u2019t provide additional technical details, as is its wont, but did say that it was \u201caware that an exploit for CVE-2022-1096 exists in the wild.\u201d An anonymous researcher was credited with finding the issue, which is labeled \u201chigh-severity\u201d (no CVSS score was given).\n\nThe lack of any further information is a source of frustration to some.\n\n\u201cAs a defender, I really wish it was more clear what this security fix is,\u201d John Bambenek, principal threat hunter at Netenrich, said via email. \u201cI get permission-denied errors or \u2018need to authenticate,\u2019 so I can\u2019t make decisions or advise my clients. A little more transparency would be beneficial and appreciated.\u201d\n\n## **Emergency Patch; Active Exploit**\n\nThe internet giant has updated the Stable channel to 99.0.4844.84 for Chrome for Windows, Mac and Linux, according to the its [security advisory](<https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html>). Microsoft, which offers the Chromium-based Edge browser, also issued its [own advisory](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1096>). It\u2019s unclear whether other offerings built in V8, such as the JavaScript runtime environment Node.js, are also affected.\n\nThe patch was issued on an emergency basis, likely due to the active exploit that\u2019s circulating, researchers noted.\n\n\u201cThe first thing which stood out to me about this update is that it only fixes a single issue,\u201d Casey Ellis, founder and CTO at Bugcrowd, noted by email. \u201cThis is pretty unusual for Google. They typically fix multiple issues in these types of releases, which suggests that they are quite concerned and very motivated to see fixes against CVE-2022-1096 applied across their user-base ASAP.\u201d\n\nHe also commented on the speed of the patch being rolled out.\n\n\u201cThe vulnerability was only reported on the 23rd of March, and while Google\u2019s Chrome team do tend to be fairly prompt in developing, testing and rolling patches, the idea of a patch for software deployed as widely deployed as Chrome in 48 hours is something is continue to be impressed by,\u201d he said. \u201cSpeculatively, I\u2019d suggest that the vulnerability has been discovered via detection of active exploitation in the wild, and the combination of impact and potentially the malicious actors currently using it contributed to the fast turnaround.\u201d\n\n## **V8 Engine in the Crosshairs**\n\nThe V8 engine has been plagued with security bugs and targeted by cyberattackers many times in the last year:\n\nLast year delivered a total of these 16 Chrome zero days:\n\n * [CVE-2021-21148](<https://threatpost.com/google-chrome-zero-day-windows-mac/163688/>) \u2013 Feb. 4, an unnamed type of bug in V8\n * [CVE-2021-21224](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21224>) \u2013 April 20, an issue with type confusion in V8 that could have allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.\n * [CVE-2021-30551](<https://threatpost.com/chrome-browser-bug-under-attack/166804/>) \u2013- June 9, a type-confusion bug within V8 (also under active attack as a zero-day)\n * [CVE-2021-30563](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30563>) \u2013 July 15, another type-confusion bug in V8.\n * [CVE-2021-30633](<https://threatpost.com/google-chrome-zero-day-exploited/169442/>) \u2013 Sept. 13, an out-of-bounds write in V8\n * [CVE-2021-37975](<https://threatpost.com/google-emergency-update-chrome-zero-days/175266/>) \u2013 Sept. 30, a use-after-free bug in V8 (also attacked as a zero-day)\n * [CVE-2021-38003](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38003>) \u2013 Oct. 28, an inappropriate implementation in V8\n * [CVE-2021-4102](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4102>) \u2013 Dec. 13, a use-after-free bug in V8.\n\n_**Moving to the cloud? Discover emerging cloud-security threats along with solid advice for how to defend your assets with our **_[_**FREE downloadable eBook**_](<https://bit.ly/3Jy6Bfs>)_**, \u201cCloud Security: The Forecast for 2022.\u201d**_ _**We explore organizations\u2019 top risks and challenges, best practices for defense, and advice for security success in such a dynamic computing environment, including handy checklists.**_\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-30T16:14:30", "type": "threatpost", "title": "Google Chrome Bug Actively Exploited as Zero-Day", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0336", "CVE-2021-21148", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30563", "CVE-2021-30633", "CVE-2021-37975", "CVE-2021-38003", "CVE-2021-4102", "CVE-2021-44228", "CVE-2022-1096"], "modified": "2022-03-30T16:14:30", "id": "THREATPOST:45B63C766965F5748AEC30DE709C8003", "href": "https://threatpost.com/google-chrome-bug-actively-exploited-zero-day/179161/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-14T15:21:25", "description": "Google has addressed two zero-day security bugs that are being actively exploited in the wild.\n\nAs part of the internet giant\u2019s latest stable channel release (version 93.0.4577.82 for Windows, Mac and Linux), it fixed 11 total vulnerabilities, all of them rated high-severity. The two zero days are tracked as CVE-2021-30632 and CVE-2021-30633.\n\n\u201cGoogle is aware that exploits for [these] exist in the wild,\u201d the company said in its short website notice on the update, [issued Monday](<https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html>).\n\n[![Infosec Insiders Newsletter](https://media.threatpost.com/wp-content/uploads/sites/103/2021/07/10165815/infosec_insiders_in_article_promo.png)](<https://threatpost.com/infosec-insider-subscription-page/?utm_source=ART&utm_medium=ART&utm_campaign=InfosecInsiders_Newsletter_Promo/>)\n\nGoogle is restricting any technical details \u201cuntil a majority of users are updated with a fix,\u201d it said. The vulnerabilities were reported anonymously, precluding any gleaning of details from the researcher who found them. Here\u2019s what we know:\n\n * CVE-2021-30632: Out of bounds write in V8 JavaScript Engine; and\n * CVE-2021-30633: Use after free in the IndexedDB API.\n\nOut-of-bounds write flaws [can result in](<https://cwe.mitre.org/data/definitions/787.html>) corruption of data, a crash or code execution. Use-after-free issues [can result in](<https://cwe.mitre.org/data/definitions/416.html>) any number of attack types, ranging from the corruption of valid data to the execution of arbitrary code. Both bugs have TBD bug-bounty awards attached to them and were reported on Sept. 8.\n\nV8 is Google\u2019s open-source, high-performance JavaScript and WebAssembly engine for Chrome and Chromium-based browsers. It translates JavaScript code into a more efficient machine code instead of using an interpreter, which speeds up the web browser. Since this vulnerable components is not specific to Google Chrome, it\u2019s a good bet that other browsers are affected by the bug as well.\n\nIndexedDB, meanwhile, allows users to persistently store large amounts of structured data client-side, inside their browsers. The API is a JavaScript application programming interface provided by web browsers for managing these NoSQL databases. It\u2019s a standard maintained by the World Wide Web Consortium.\n\n\u201cBrowser bugs discovered from exploitation in the wild are among the most significant security threats,\u201d John Bambenek, principal threat hunter at Netenrich, said via email. \u201cNow that they are patched, exploitation will ramp up. That said, almost 20 years on and we haven\u2019t made web browsing safe shows that the rapid embrace of technology continues to leave users exposed to criminals and nation-state actors. Everyone wants to learn how to hack, too few people are working on defense.\u201d\n\nThe other nine bugs addressed by Google are as follows:\n\n * CVE-2021-30625: Use after free in Selection API. _Reported by Marcin Towalski of Cisco Talos on 2021-08-06_\n * CVE-2021-30626: Out of bounds memory access in ANGLE. _Reported by Jeonghoon Shin of Theori on 2021-08-18_\n * CVE-2021-30627: Type Confusion in Blink layout. _Reported by Aki Helin of OUSPG on 2021-09-01_\n * CVE-2021-30628: Stack buffer overflow in ANGLE. _Reported by Jaehun Jeong(@n3sk) of Theori on 2021-08-18_\n * CVE-2021-30629: Use after free in Permissions. _Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi\u2019anxin Group on 2021-08-26_\n * CVE-2021-30630: Inappropriate implementation in Blink. _Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-30_\n * CVE-2021-30631: Type Confusion in Blink layout. _Reported by Atte Kettunen of OUSPG on 2021-09-06_\n\nKevin Dunne, president at Pathlock, pointed out that Google has patched plenty of zero-days already this year \u2013 eight prior to the latest two, to be exact \u2013 and he said to expect more.\n\n## **10th Zero-Day in 2021 for Google**\n\n\u201cToday, Google released a patch for its tenth [and ninth] zero-day exploit of the year,\u201d Dunne said in an email to media. \u201cThis milestone highlights the emphasis that bad actors are putting on browser exploits, with Chrome becoming a clear favorite, allowing a streamlined way to gain access to millions of devices regardless of OS.\n\n\u201cWe expect to see continued zero-day exploits in the wild,\u201d he added.\n\nThe other zero days discovered so far in 2021 are as follows, many of them in the V8 engine:\n\n * [CVE-2021-21148](<https://threatpost.com/google-chrome-zero-day-windows-mac/163688/>) \u2013 (February)\n * [CVE-2021-21166](<https://threatpost.com/google-patches-actively-exploited-flaw-in-chrome-browser/164468/>) \u2013 (March)\n * [CVE-2021-21193](<https://threatpost.com/google-mac-windows-chrome-zero-day/164759/>) \u2013 (March)\n * [CVE-2021-21220](<https://threatpost.com/chrome-zero-day-exploit-twitter/165363/>) \u2013 (April)\n * [CVE-2021-21224](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21224>) \u2013 (April, later [used in Windows attacks](<https://threatpost.com/microsoft-patch-tuesday-in-the-wild-exploits/166724/>))\n * [CVE-2021-30551](<https://threatpost.com/chrome-browser-bug-under-attack/166804/>) \u2013 (June)\n * [CVE-2021-30554](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30554>) \u2013 (June)\n * [CVE-2021-30563](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30563>) \u2013 (July)\n\n\u201cGoogle\u2019s commitment to patching these exploits quickly is commendable, as they operate Google Chrome as freeware and therefore are the sole entity who can provide these updates,\u201d Dunne wrote. \u201cGoogle is committed to providing Chrome as a free browser, as it is a critical entry point for other businesses such as Google Search and Google Workspace.\u201d\n\nThe news comes as Apple [rushed a fix](<https://threatpost.com/apple-emergency-fix-nso-zero-click-zero-day/169416/>) for a zero-click zero-day exploit targeting iMessaging. It\u2019s allegedly been used to illegally spy on Bahraini activists with NSO Group\u2019s Pegasus spyware, according to researchers.\n\nMicrosoft is also expected to release its monthly Patch Tuesday set of updates today, so we\u2019ll see if there are yet more zero-day exploits to worry about.\n\n**It\u2019s time to evolve threat hunting into a pursuit of adversaries. **[**JOIN**](<https://threatpost.com/webinars/threat-hunting-catch-adversaries/?utm_source=ART&utm_medium=ART&utm_campaign=September_Cybersixgill_Webinar>)** Threatpost and Cybersixgill for **[**Threat Hunting to Catch Adversaries, Not Just Stop Attacks**](<https://threatpost.com/webinars/threat-hunting-catch-adversaries/?utm_source=ART&utm_medium=ART&utm_campaign=September_Cybersixgill_Webinar>)** and get a guided tour of the dark web and learn how to track threat actors before their next attack. **[**REGISTER NOW**](<https://threatpost.com/webinars/threat-hunting-catch-adversaries/?utm_source=ART&utm_medium=ART&utm_campaign=September_Cybersixgill_Webinar>)** for the LIVE discussion on Sept. 22 at 2 p.m. EST with Cybersixgill\u2019s Sumukh Tendulkar and Edan Cohen, along with independent researcher and vCISO Chris Roberts and Threatpost host Becky Bracken.**\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-14T15:03:41", "type": "threatpost", "title": "Pair of Google Chrome Zero-Day Bugs Actively Exploited", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633"], "modified": "2021-09-14T15:03:41", "id": "THREATPOST:88DD5812D3C8652E304F32507E4F68DD", "href": "https://threatpost.com/google-chrome-zero-day-exploited/169442/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-15T21:47:28", "description": "Google on Monday issued 11 security fixes for its Chrome browser, including a high-severity zero-day bug that\u2019s actively being jumped on by attackers in the wild.\n\nIn a brief update, Google [described](<https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html>) the weakness, tracked as [CVE-2022-0609](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0609>), as a [use-after-free](<https://cwe.mitre.org/data/definitions/416.html>) vulnerability in Chrome\u2019s Animation component. This kind of flaw can lead to all sorts of misery, ranging from the corruption of valid data to the execution of arbitrary code on vulnerable systems. Such flaws can also be used to escape the browser\u2019s security sandbox.\n\n\u201cGoogle is aware of reports that an exploit for CVE-2022-0609 exists in the wild,\u201d according to its security update.\n\nChrome users can fix it straight away, though, by going into the Chrome menu > Help > About Google Chrome.\n\nGiven that the zero day is under active attack, updating Chrome should be done ASAP.\n\n[![](https://media.threatpost.com/wp-content/uploads/sites/103/2022/02/15125804/Chrome-zero-day-e1644947947750.png)](<https://media.threatpost.com/wp-content/uploads/sites/103/2022/02/15125804/Chrome-zero-day-e1644947947750.png>)\n\nChrome security updates. Source: Google.\n\nCredit for the Animation zero day goes to Adam Weidemann and Cl\u00e9ment Lecigne, both from Google\u2019s Threat Analysis Group (TAG).\n\nMonday\u2019s update also plastered over four other high-severity use-after-free flaws found in Chrome\u2019s Webstore API, File Manager, [ANGLE](<https://en.wikipedia.org/wiki/ANGLE_\$software\$>) and GPU. As well, the company addressed a high-severity integer overflow in [Mojo](<https://chromium.googlesource.com/chromium/src/+/main/docs/mojo_and_services.md>), plus a high-severity h\u200beap buffer overflow in Tab Groups. Finally, Google patched a medium-severity issue with inappropriate implementation in Gamepad API.\n\n## And So It Begins\n\nThis is Chrome\u2019s first zero day of the year, and more are sure to follow. But at least we\u2019ve made it into the new-ish year 10 more days than we managed in 2021, when the first bug to hit arrived on Feb. 4.\n\nLast year delivered a total of these 16 Chrome zero days:\n\n * [CVE-2021-21148](<https://threatpost.com/google-chrome-zero-day-windows-mac/163688/>) \u2013 Feb. 4, a vulnerability in its V8 open-source web engine.\n * [CVE-2021-21166](<https://threatpost.com/google-patches-actively-exploited-flaw-in-chrome-browser/164468/>) \u2013 March 2, a flaw in the Audio component of Google Chrome.\n * [CVE-2021-21193](<https://threatpost.com/google-mac-windows-chrome-zero-day/164759/>) \u2013 March 12, a use-after-free flaw in Blink, [the browser engine for Chrome](<https://threatpost.com/google-high-severity-blink-browser-engine-flaw/147770/>) that was developed as part of the Chromium project.\n * [CVE-2021-21220](<https://threatpost.com/chrome-zero-day-exploit-twitter/165363/>) \u2013 April 13, a remote-code execution issue.\n * [CVE-2021-21224](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21224>) \u2013 April 20, an issue with type confusion in V8 in Google Chrome that could have allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.\n * [CVE-2021-30551](<https://threatpost.com/chrome-browser-bug-under-attack/166804/>) \u2013- June 9, a type confusion bug within Google\u2019s V8 open-source JavaScript and WebAssembly engine.\n * [CVE-2021-30554](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30554>) \u2013 June 17, a use-after-free bug.\n * [CVE-2021-30563](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30563>) \u2013 July 15, type confusion in V8.\n * [CVE-2021-30632 and CVE-2021-30633](<https://threatpost.com/google-chrome-zero-day-exploited/169442/>) \u2013 Sept. 13, an out-of-bounds write in V8 and a use-after-free bug in the IndexedDB API, respectively.\n * [CVE-2021-37973](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973>) \u2013 Sept. 24, a use-after-free flaw in Portals.\n * [CVE-2021-37976 and CVE-2021-37975](<https://threatpost.com/google-emergency-update-chrome-zero-days/175266/>) \u2013 Sept. 30, an information leak in core and a use-after-free bug in V8, respectively.\n * [CVE-2021-38000](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38000>) and [CVE-2021-38003](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38003>) \u2013 Oct. 28, an issue with Insufficient validation of untrusted input in Intents in Google Chrome on Android, and an inappropriate implementation in V8 respectively.\n * [CVE-2021-4102](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4102>) \u2013 Dec. 13, a use after free in V8.\n\n**_Join Threatpost on Wed. Feb 23 at 2 PM ET for a [LIVE roundtable discussion](<https://threatpost.com/webinars/protect-sensitive-cloud-data/?utm_source=Website&utm_medium=Article&utm_id=Keeper+Webinar>) \u201cThe Secret to Keeping Secrets,\u201d sponsored by Keeper Security, focused on how to locate and lock down your organization\u2019s most sensitive data. Zane Bond with Keeper Security will join Threatpost\u2019s Becky Bracken to offer concrete steps to protect your organization\u2019s critical information in the cloud, in transit and in storage. [REGISTER NOW](<https://threatpost.com/webinars/protect-sensitive-cloud-data/?utm_source=Website&utm_medium=Article&utm_id=Keeper+Webinar>) and please Tweet us your questions ahead of time @Threatpost so they can be included in the discussion._**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-02-15T18:33:28", "type": "threatpost", "title": "Chrome Zero-Day Under Active Attack: Patch ASAP", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-38000", "CVE-2021-38003", "CVE-2021-4102", "CVE-2021-44228", "CVE-2022-0609"], "modified": "2022-02-15T18:33:28", "id": "THREATPOST:3697F9293A6DFF6CD5927E9E68FF488A", "href": "https://threatpost.com/google-chrome-zero-day-under-attack/178428/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2022-08-03T14:52:36", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4906-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nApril 27, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2021-21201 CVE-2021-21202 CVE-2021-21203 CVE-2021-21204\n CVE-2021-21205 CVE-2021-21207 CVE-2021-21208 CVE-2021-21209\n CVE-2021-21210 CVE-2021-21211 CVE-2021-21212 CVE-2021-21213\n CVE-2021-21214 CVE-2021-21215 CVE-2021-21216 CVE-2021-21217\n CVE-2021-21218 CVE-2021-21219 CVE-2021-21221 CVE-2021-21222\n CVE-2021-21223 CVE-2021-21224 CVE-2021-21225 CVE-2021-21226\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2021-21201\n\n Gengming Liu and Jianyu Chen discovered a use-after-free issue.\n\nCVE-2021-21202\n\n David Erceg discovered a use-after-free issue in extensions.\n\nCVE-2021-21203\n\n asnine discovered a use-after-free issue in Blink/Webkit.\n\nCVE-2021-21204\n\n Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander discovered a\n use-after-free issue in Blink/Webkit.\n\nCVE-2021-21205\n\n Alison Huffman discovered a policy enforcement error.\n\nCVE-2021-21207\n\n koocola and Nan Wang discovered a use-after-free in the indexed database.\n\nCVE-2021-21208\n\n Ahmed Elsobky discovered a data validation error in the QR code scanner.\n\nCVE-2021-21209\n\n Tom Van Goethem discovered an implementation error in the Storage API.\n\nCVE-2021-21210\n\n @bananabr discovered an error in the networking implementation.\n\nCVE-2021-21211\n\n Akash Labade discovered an error in the navigation implementation.\n\nCVE-2021-21212\n\n Hugo Hue and Sze Yui Chau discovered an error in the network configuration\n user interface.\n\nCVE-2021-21213\n\n raven discovered a use-after-free issue in the WebMIDI implementation.\n\nCVE-2021-21214\n\n A use-after-free issue was discovered in the networking implementation.\n\nCVE-2021-21215\n\n Abdulrahman Alqabandi discovered an error in the Autofill feature.\n\nCVE-2021-21216\n\n Abdulrahman Alqabandi discovered an error in the Autofill feature.\n\nCVE-2021-21217\n\n Zhou Aiting discovered use of uninitialized memory in the pdfium library.\n\nCVE-2021-21218\n\n Zhou Aiting discovered use of uninitialized memory in the pdfium library.\n\nCVE-2021-21219\n\n Zhou Aiting discovered use of uninitialized memory in the pdfium library.\n\nCVE-2021-21221\n\n Guang Gong discovered insufficient validation of untrusted input.\n\nCVE-2021-21222\n\n Guang Gong discovered a buffer overflow issue in the v8 javascript\n library.\n\nCVE-2021-21223\n\n Guang Gong discovered an integer overflow issue.\n\nCVE-2021-21224\n\n Jose Martinez discovered a type error in the v8 javascript library.\n\nCVE-2021-21225\n\n Brendon Tiszka discovered an out-of-bounds memory access issue in the v8\n javascript library.\n\nCVE-2021-21226\n\n Brendon Tiszka discovered a use-after-free issue in the networking\n implementation.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 90.0.4430.85-1~deb10u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-28T01:49:06", "type": "debian", "title": "[SECURITY] [DSA 4906-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2021-04-28T01:49:06", "id": "DEBIAN:DSA-4906-1:4BE22", "href": "https://lists.debian.org/debian-security-announce/2021/msg00087.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-07-21T08:22:18", "description": "\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\n\n* [CVE-2021-21201](https://security-tracker.debian.org/tracker/CVE-2021-21201)\nGengming Liu and Jianyu Chen discovered a use-after-free issue.\n* [CVE-2021-21202](https://security-tracker.debian.org/tracker/CVE-2021-21202)\nDavid Erceg discovered a use-after-free issue in extensions.\n* [CVE-2021-21203](https://security-tracker.debian.org/tracker/CVE-2021-21203)\nasnine discovered a use-after-free issue in Blink/Webkit.\n* [CVE-2021-21204](https://security-tracker.debian.org/tracker/CVE-2021-21204)\nTsai-Simek, Jeanette Ulloa, and Emily Voigtlander discovered a\n use-after-free issue in Blink/Webkit.\n* [CVE-2021-21205](https://security-tracker.debian.org/tracker/CVE-2021-21205)\nAlison Huffman discovered a policy enforcement error.\n* [CVE-2021-21207](https://security-tracker.debian.org/tracker/CVE-2021-21207)\nkoocola and Nan Wang discovered a use-after-free in the indexed database.\n* [CVE-2021-21208](https://security-tracker.debian.org/tracker/CVE-2021-21208)\nAhmed Elsobky discovered a data validation error in the QR code scanner.\n* [CVE-2021-21209](https://security-tracker.debian.org/tracker/CVE-2021-21209)\nTom Van Goethem discovered an implementation error in the Storage API.\n* [CVE-2021-21210](https://security-tracker.debian.org/tracker/CVE-2021-21210)\n@bananabr discovered an error in the networking implementation.\n* [CVE-2021-21211](https://security-tracker.debian.org/tracker/CVE-2021-21211)\nAkash Labade discovered an error in the navigation implementation.\n* [CVE-2021-21212](https://security-tracker.debian.org/tracker/CVE-2021-21212)\nHugo Hue and Sze Yui Chau discovered an error in the network configuration\n user interface.\n* [CVE-2021-21213](https://security-tracker.debian.org/tracker/CVE-2021-21213)\nraven discovered a use-after-free issue in the WebMIDI implementation.\n* [CVE-2021-21214](https://security-tracker.debian.org/tracker/CVE-2021-21214)\nA use-after-free issue was discovered in the networking implementation.\n* [CVE-2021-21215](https://security-tracker.debian.org/tracker/CVE-2021-21215)\nAbdulrahman Alqabandi discovered an error in the Autofill feature.\n* [CVE-2021-21216](https://security-tracker.debian.org/tracker/CVE-2021-21216)\nAbdulrahman Alqabandi discovered an error in the Autofill feature.\n* [CVE-2021-21217](https://security-tracker.debian.org/tracker/CVE-2021-21217)\nZhou Aiting discovered use of uninitialized memory in the pdfium library.\n* [CVE-2021-21218](https://security-tracker.debian.org/tracker/CVE-2021-21218)\nZhou Aiting discovered use of uninitialized memory in the pdfium library.\n* [CVE-2021-21219](https://security-tracker.debian.org/tracker/CVE-2021-21219)\nZhou Aiting discovered use of uninitialized memory in the pdfium library.\n* [CVE-2021-21221](https://security-tracker.debian.org/tracker/CVE-2021-21221)\nGuang Gong discovered insufficient validation of untrusted input.\n* [CVE-2021-21222](https://security-tracker.debian.org/tracker/CVE-2021-21222)\nGuang Gong discovered a buffer overflow issue in the v8 javascript\n library.\n* [CVE-2021-21223](https://security-tracker.debian.org/tracker/CVE-2021-21223)\nGuang Gong discovered an integer overflow issue.\n* [CVE-2021-21224](https://security-tracker.debian.org/tracker/CVE-2021-21224)\nJose Martinez discovered a type error in the v8 javascript library.\n* [CVE-2021-21225](https://security-tracker.debian.org/tracker/CVE-2021-21225)\nBrendon Tiszka discovered an out-of-bounds memory access issue in the v8\n javascript library.\n* [CVE-2021-21226](https://security-tracker.debian.org/tracker/CVE-2021-21226)\nBrendon Tiszka discovered a use-after-free issue in the networking\n implementation.\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 90.0.4430.85-1~deb10u1.\n\n\nWe recommend that you upgrade your chromium packages.\n\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/chromium](https://security-tracker.debian.org/tracker/chromium)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-04-27T00:00:00", "type": "osv", "title": "chromium - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21211", "CVE-2021-21208", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21214", "CVE-2021-21202", "CVE-2021-21201", "CVE-2021-21215", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21207", "CVE-2021-21203", "CVE-2021-21205", "CVE-2021-21217", "CVE-2021-21226", "CVE-2021-21204", "CVE-2021-21223", "CVE-2021-21216", "CVE-2021-21209", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21210", "CVE-2021-21224", "CVE-2021-21225"], "modified": "2022-07-21T05:50:45", "id": "OSV:DSA-4906-1", "href": "https://osv.dev/vulnerability/DSA-4906-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2021-07-28T18:41:40", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-05-12T05:35:46", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: chromium-90.0.4430.93-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199", "CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21206", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21220", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226", "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2021-05-12T05:35:46", "id": "FEDORA:D63AA304E89C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T18:41:40", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-05-12T05:44:40", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: chromium-90.0.4430.93-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199", "CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21206", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21220", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226", "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2021-05-12T05:44:40", "id": "FEDORA:B4C4A30D8539", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T18:41:40", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-05-14T21:12:29", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: chromium-90.0.4430.93-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199", "CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21206", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21220", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226", "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2021-05-14T21:12:29", "id": "FEDORA:993DD30E4796", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T18:59:29", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. \n\nGoogle Chrome is one fast, simple, and secure browser for all your devices. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-90.0.4430.93\"\n \n\nAll Google Chrome users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/google-chrome-90.0.4430.93\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-04-30T00:00:00", "type": "gentoo", "title": "Chromium, Google Chrome: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21148", "CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157", "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-2119", "CVE-2021-21191", "CVE-2021-21192", "CVE-2021-21193", "CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199", "CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21206", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21220", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226", "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2021-04-30T00:00:00", "id": "GLSA-202104-08", "href": "https://security.gentoo.org/glsa/202104-08", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "qualysblog": [{"lastseen": "2021-11-09T06:36:02", "description": "[Start your VMDR 30-day, no-cost trial today](<https://www.qualys.com/forms/vmdr/>)\n\n## Overview\n\nOn November 3, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a [Binding Operational Directive 22-01](<https://cyber.dhs.gov/bod/22-01/>), "Reducing the Significant Risk of Known Exploited Vulnerabilities." [This directive](<https://www.cisa.gov/news/2021/11/03/cisa-releases-directive-reducing-significant-risk-known-exploited-vulnerabilities>) recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal government and establishes requirements for agencies to remediate these vulnerabilities.\n\nThis directive requires agencies to review and update agency internal vulnerability management procedures within 60 days according to this directive and remediate each vulnerability according to the timelines outlined in 'CISA's vulnerability catalog.\n\nQualys helps customers to identify and assess risk to organizations' digital infrastructure and automate remediation. Qualys' guidance for rapid response to Operational Directive is below.\n\n## Directive Scope\n\nThis directive applies to all software and hardware found on federal information systems managed on agency premises or hosted by third parties on an agency's behalf.\n\nHowever, CISA strongly recommends that private businesses and state, local, tribal, and territorial (SLTT) governments prioritize the mitigation of vulnerabilities listed in CISA's public catalog.\n\n## CISA Catalog of Known Exploited Vulnerabilities\n\nIn total, CISA posted a list of [291 Common Vulnerabilities and Exposures (CVEs)](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) that pose the highest risk to federal agencies. The Qualys Research team has mapped all these CVEs to applicable QIDs. You can view the complete list of CVEs and the corresponding QIDs [here](<https://success.qualys.com/discussions/s/article/000006791>).\n\n### Not all vulnerabilities are created equal\n\nOur quick review of the 291 CVEs posted by CISA suggests that not all vulnerabilities hold the same priority. CISA has ordered U.S. federal enterprises to apply patches as soon as possible. The remediation guidance can be grouped into three distinct categories:\n\n#### Category 1 \u2013 Past Due\n\nRemediation of 15 CVEs (~5%) are already past due. These vulnerabilities include some of the most significant exploits in the recent past, including PrintNightmare, SigRed, ZeroLogon, and vulnerabilities in CryptoAPI, Pulse Secure, and more. Qualys Patch Management can help you remediate most of these vulnerabilities.\n\n#### Category 2 \u2013 Patch in less than two weeks\n\n100 (34%) Vulnerabilities need to be patched in the next two weeks, or by **November 17, 2022**.\n\n#### Category 3 \u2013 Patch within six months\n\nThe remaining 176 vulnerabilities (60%) must be patched within the next six months or by **May 3, 2022**.\n\n## Detect CISA's Vulnerabilities Using Qualys VMDR\n\nThe Qualys Research team has released several remote and authenticated detections (QIDs) for the vulnerabilities. Since the directive includes 291 CVEs, we recommend executing your search based on vulnerability criticality, release date, or other categories.\n\nFor example, to detect critical CVEs released in 2021:\n\n_vulnerabilities.vulnerability.criticality:CRITICAL and vulnerabilities.vulnerability.cveIds:[ `CVE-2021-1497`,`CVE-2021-1498`,`CVE-2021-1647`,`CVE-2021-1675`,`CVE-2021-1732`,`CVE-2021-1782`,`CVE-2021-1870`,`CVE-2021-1871`,`CVE-2021-1879`,`CVE-2021-1905`,`CVE-2021-1906`,`CVE-2021-20016`,`CVE-2021-21017`,`CVE-2021-21148`,`CVE-2021-21166`,`CVE-2021-21193`,`CVE-2021-21206`,`CVE-2021-21220`,`CVE-2021-21224`,`CVE-2021-21972`,`CVE-2021-21985`,`CVE-2021-22005`,`CVE-2021-22205`,`CVE-2021-22502`,`CVE-2021-22893`,`CVE-2021-22894`,`CVE-2021-22899`,`CVE-2021-22900`,`CVE-2021-22986`,`CVE-2021-26084`,`CVE-2021-26411`,`CVE-2021-26855`,`CVE-2021-26857`,`CVE-2021-26858`,`CVE-2021-27059`,`CVE-2021-27065`,`CVE-2021-27085`,`CVE-2021-27101`,`CVE-2021-27102`,`CVE-2021-27103`,`CVE-2021-27104`,`CVE-2021-28310`,`CVE-2021-28550`,`CVE-2021-28663`,`CVE-2021-28664`,`CVE-2021-30116`,`CVE-2021-30551`,`CVE-2021-30554`,`CVE-2021-30563`,`CVE-2021-30632`,`CVE-2021-30633`,`CVE-2021-30657`,`CVE-2021-30661`,`CVE-2021-30663`,`CVE-2021-30665`,`CVE-2021-30666`,`CVE-2021-30713`,`CVE-2021-30761`,`CVE-2021-30762`,`CVE-2021-30807`,`CVE-2021-30858`,`CVE-2021-30860`,`CVE-2021-30860`,`CVE-2021-30869`,`CVE-2021-31199`,`CVE-2021-31201`,`CVE-2021-31207`,`CVE-2021-31955`,`CVE-2021-31956`,`CVE-2021-31979`,`CVE-2021-33739`,`CVE-2021-33742`,`CVE-2021-33771`,`CVE-2021-34448`,`CVE-2021-34473`,`CVE-2021-34523`,`CVE-2021-34527`,`CVE-2021-35211`,`CVE-2021-36741`,`CVE-2021-36742`,`CVE-2021-36942`,`CVE-2021-36948`,`CVE-2021-36955`,`CVE-2021-37973`,`CVE-2021-37975`,`CVE-2021-37976`,`CVE-2021-38000`,`CVE-2021-38003`,`CVE-2021-38645`,`CVE-2021-38647`,`CVE-2021-38647`,`CVE-2021-38648`,`CVE-2021-38649`,`CVE-2021-40444`,`CVE-2021-40539`,`CVE-2021-41773`,`CVE-2021-42013`,`CVE-2021-42258` ]_\n\n![](https://blog.qualys.com/wp-content/uploads/2021/11/Picture1.jpg)\n\nUsing [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>), you can effectively prioritize those vulnerabilities using the VMDR Prioritization report.\n\n![](https://blog.qualys.com/wp-content/uploads/2021/11/Picture2.jpg)\n\nIn addition, you can locate a vulnerable host through Qualys Threat Protection by simply clicking on the impacted hosts to effectively identify and track this vulnerability.\n\n![](https://blog.qualys.com/wp-content/uploads/2021/11/Picture3.png)\n\nWith Qualys Unified Dashboard, you can track your exposure to the CISA Known Exploited Vulnerabilities and gather your status and overall management in real-time. With trending enabled for dashboard widgets, you can keep track of the status of the vulnerabilities in your environment using the ["CISA 2010-21| KNOWN EXPLOITED VULNERABILITIES"](<https://success.qualys.com/support/s/article/000006791>) Dashboard.\n\n### Detailed Operational Dashboard:\n\n![](https://blog.qualys.com/wp-content/uploads/2021/11/Picture4.png)\n\n### Summary Dashboard High Level Structured by Vendor:\n\n![](https://blog.qualys.com/wp-content/uploads/2021/11/Picture5.png)\n\n## Remediation\n\nTo comply with this directive, federal agencies must remediate most "Category 2" vulnerabilities by **November 17, 2021**, and "Category 3" by May 3, 2021. Qualys Patch Management can help streamline the remediation of many of these vulnerabilities.\n\nCustomers can copy the following query into the Patch Management app to help customers comply with the directive's aggressive remediation date of November 17, 2021. Running this query will find all required patches and allow quick and efficient deployment of those missing patches to all assets directly from within the Qualys Cloud Platform.\n\ncve:[`CVE-2021-1497`,`CVE-2021-1498`,`CVE-2021-1647`,`CVE-2021-1675`,`CVE-2021-1732`,`CVE-2021-1782`,`CVE-2021-1870`,`CVE-2021-1871`,`CVE-2021-1879`,`CVE-2021-1905`,`CVE-2021-1906`,`CVE-2021-20016`,`CVE-2021-21017`,`CVE-2021-21148`,`CVE-2021-21166`,`CVE-2021-21193`,`CVE-2021-21206`,`CVE-2021-21220`,`CVE-2021-21224`,`CVE-2021-21972`,`CVE-2021-21985`,`CVE-2021-22005`,`CVE-2021-22205`,`CVE-2021-22502`,`CVE-2021-22893`,`CVE-2021-22894`,`CVE-2021-22899`,`CVE-2021-22900`,`CVE-2021-22986`,`CVE-2021-26084`,`CVE-2021-26411`,`CVE-2021-26855`,`CVE-2021-26857`,`CVE-2021-26858`,`CVE-2021-27059`,`CVE-2021-27065`,`CVE-2021-27085`,`CVE-2021-27101`,`CVE-2021-27102`,`CVE-2021-27103`,`CVE-2021-27104`,`CVE-2021-28310`,`CVE-2021-28550`,`CVE-2021-28663`,`CVE-2021-28664`,`CVE-2021-30116`,`CVE-2021-30551`,`CVE-2021-30554`,`CVE-2021-30563`,`CVE-2021-30632`,`CVE-2021-30633`,`CVE-2021-30657`,`CVE-2021-30661`,`CVE-2021-30663`,`CVE-2021-30665`,`CVE-2021-30666`,`CVE-2021-30713`,`CVE-2021-30761`,`CVE-2021-30762`,`CVE-2021-30807`,`CVE-2021-30858`,`CVE-2021-30860`,`CVE-2021-30860`,`CVE-2021-30869`,`CVE-2021-31199`,`CVE-2021-31201`,`CVE-2021-31207`,`CVE-2021-31955`,`CVE-2021-31956`,`CVE-2021-31979`,`CVE-2021-33739`,`CVE-2021-33742`,`CVE-2021-33771`,`CVE-2021-34448`,`CVE-2021-34473`,`CVE-2021-34523`,`CVE-2021-34527`,`CVE-2021-35211`,`CVE-2021-36741`,`CVE-2021-36742`,`CVE-2021-36942`,`CVE-2021-36948`,`CVE-2021-36955`,`CVE-2021-37973`,`CVE-2021-37975`,`CVE-2021-37976`,`CVE-2021-38000`,`CVE-2021-38003`,`CVE-2021-38645`,`CVE-2021-38647`,`CVE-2021-38647`,`CVE-2021-38648`,`CVE-2021-38649`,`CVE-2021-40444`,`CVE-2021-40539`,`CVE-2021-41773`,`CVE-2021-42013`,`CVE-2021-42258` ]\n\n![](https://blog.qualys.com/wp-content/uploads/2021/11/Picture6.jpg)\n\nQualys patch content covers many Microsoft, Linux, and third-party applications; however, some of the vulnerabilities introduced by CISA are not currently supported out-of-the-box by Qualys. To remediate those vulnerabilities, Qualys provides the ability to deploy custom patches. The flexibility to customize patch deployment allows customers to patch the remaining CVEs in this list.\n\nNote that the due date for \u201cCategory 1\u201d patches has already passed. To find missing patches in your environment for \u201cCategory 1\u201d past due CVEs, copy the following query into the Patch Management app:\n\ncve:['CVE-2021-1732\u2032,'CVE-2020-1350\u2032,'CVE-2020-1472\u2032,'CVE-2021-26855\u2032,'CVE-2021-26858\u2032,'CVE-2021-27065\u2032,'CVE-2020-0601\u2032,'CVE-2021-26857\u2032,'CVE-2021-22893\u2032,'CVE-2020-8243\u2032,'CVE-2021-22900\u2032,'CVE-2021-22894\u2032,'CVE-2020-8260\u2032,'CVE-2021-22899\u2032,'CVE-2019-11510']\n\n![](https://blog.qualys.com/wp-content/uploads/2021/11/Picture7.jpg)\n\n## Federal Enterprises and Agencies Can Act Now\n\nFor federal enterprises and agencies, it's a race against time to remediate these vulnerabilities across their respective environments and achieve compliance with this binding directive. Qualys solutions can help achieve compliance with this binding directive. Qualys Cloud Platform is FedRAMP authorized, with [107 FedRAMP authorizations](<https://marketplace.fedramp.gov/#!/product/qualys-cloud-platform?sort=-authorizations>).\n\nHere are a few steps Federal enterprises can take immediately:\n\n * Run vulnerability assessments against all your assets by leveraging various sensors such as Qualys agent, scanners, and more\n * Prioritize remediation by due dates\n * Identify all vulnerable assets automatically mapped into the threat feed\n * Use Patch Management to apply patches and other configurations changes\n * Track remediation progress through Unified Dashboards\n\n## Summary\n\nUnderstanding vulnerabilities is a critical but partial part of threat mitigation. Qualys VMDR helps customers discover, assess threats, assign risk, and remediate threats in one solution. Qualys customers rely on the accuracy of Qualys' threat intelligence to protect their digital environments and stay current with patch guidance. Using Qualys VMDR can help any organization efficiently respond to the CISA directive.\n\n## Getting Started\n\nLearn how [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>) provides actionable vulnerability guidance and automates remediation in one solution. Ready to get started? Sign up for a 30-day, no-cost [VMDR trial](<https://www.qualys.com/forms/vmdr/>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-11-09T06:15:01", "type": "qualysblog", "title": "Qualys Response to CISA Alert: Binding Operational Directive 22-01", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11510", "CVE-2020-0601", "CVE-2020-1350", "CVE-2020-1472", "CVE-2020-8243", "CVE-2020-8260", "CVE-2021-1497", "CVE-2021-1498", "CVE-2021-1647", "CVE-2021-1675", "CVE-2021-1732", "CVE-2021-1782", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-1879", "CVE-2021-1905", "CVE-2021-1906", "CVE-2021-20016", "CVE-2021-21017", "CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-21972", "CVE-2021-21985", "CVE-2021-22005", "CVE-2021-22205", "CVE-2021-22502", "CVE-2021-22893", "CVE-2021-22894", "CVE-2021-22899", "CVE-2021-22900", "CVE-2021-22986", "CVE-2021-26084", "CVE-2021-26411", "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27059", "CVE-2021-27065", "CVE-2021-27085", "CVE-2021-27101", "CVE-2021-27102", "CVE-2021-27103", "CVE-2021-27104", "CVE-2021-28310", "CVE-2021-28550", "CVE-2021-28663", "CVE-2021-28664", "CVE-2021-30116", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-30657", "CVE-2021-30661", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30666", "CVE-2021-30713", "CVE-2021-30761", "CVE-2021-30762", "CVE-2021-30807", "CVE-2021-30858", "CVE-2021-30860", "CVE-2021-30869", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31207", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31979", "CVE-2021-33739", "CVE-2021-33742", "CVE-2021-33771", "CVE-2021-34448", "CVE-2021-34473", "CVE-2021-34523", "CVE-2021-34527", "CVE-2021-35211", "CVE-2021-36741", "CVE-2021-36742", "CVE-2021-36942", "CVE-2021-36948", "CVE-2021-36955", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-38000", "CVE-2021-38003", "CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649", "CVE-2021-40444", "CVE-2021-40539", "CVE-2021-41773", "CVE-2021-42013", "CVE-2021-42258"], "modified": "2021-11-09T06:15:01", "id": "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-25T19:27:09", "description": "_CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively._\n\n### Situation\n\nLast November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a [Binding Operational Directive 22-01](<https://cyber.dhs.gov/bod/22-01/>) called \u201cReducing the Significant Risk of Known Exploited Vulnerabilities.\u201d [This directive](<https://www.cisa.gov/news/2021/11/03/cisa-releases-directive-reducing-significant-risk-known-exploited-vulnerabilities>) recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of Known Exploited Vulnerabilities that carry significant risk to the federal government and sets requirements for agencies to remediate these vulnerabilities.\n\nThis directive requires federal agencies to review and update internal vulnerability management procedures to remediate each vulnerability according to the timelines outlined in CISA\u2019s vulnerability catalog.\n\n### Directive Scope\n\nThis CISA directive applies to all software and hardware found on federal information systems managed on agency premises or hosted by third parties on an agency\u2019s behalf.\n\nHowever, CISA strongly recommends that public and private businesses as well as state, local, tribal, and territorial (SLTT) governments prioritize the mitigation of vulnerabilities listed in CISA\u2019s public catalog. This is truly vulnerability management guidance for all organizations to heed.\n\n### CISA Catalog of Known Exploited Vulnerabilities\n\nIn total, CISA posted a list of [379 Common Vulnerabilities and Exposures (CVEs)](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) that pose the highest risk to federal agencies. CISA\u2019s most recent update was issued on February 22, 2022.\n\nThe Qualys Research team is continuously updating CVEs to available QIDs (Qualys vulnerability identifiers) in the Qualys Knowledgebase, with the RTI field \u201cCISA Exploited\u201d and this is going to be a continuous approach, as CISA frequently amends with the latest CVE as part of their regular feeds.\n\nOut of these vulnerabilities, Directive 22-01 urges all organizations to reduce their exposure to cyberattacks by effectively prioritizing the remediation of the identified Vulnerabilities.\n\nCISA has ordered U.S. federal agencies to apply patches as soon as possible. The remediation guidance is grouped into multiple categories by CISA based on attack surface severity and time-to-remediate. The timelines are available in the [Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) for each of the CVEs.\n\n### Detect CISA Vulnerabilities Using Qualys VMDR\n\nQualys helps customers to identify and assess the risk to their organizations\u2019 digital infrastructure, and then to automate remediation. Qualys\u2019 guidance for rapid response to Directive 22-01 follows.\n\nThe Qualys Research team has released multiple remote and authenticated detections (QIDs) for these vulnerabilities. Since the directive includes 379 CVEs (as of February 22, 2022) we recommend executing your search based on QQL (Qualys Query Language), as shown here for released QIDs by Qualys **_vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns:"true"_**\n\n![](https://blog.qualys.com/wp-content/uploads/2022/02/CISA-Actual-1.jpg)\n\n### CISA Exploited RTI\n\nUsing [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>), you can effectively prioritize those vulnerabilities using VMDR Prioritization. Qualys has introduced an **RTI Category, CISA Exploited**.\n\nThis RTI indicates that the vulnerabilities are associated with the CISA catalog.\n\n![](https://blog.qualys.com/wp-content/uploads/2022/02/CISA-2.jpg)\n\nIn addition, you can locate a vulnerable host through Qualys Threat Protection by simply clicking on the impacted hosts to effectively identify and track this vulnerability.\n\n![](https://blog.qualys.com/wp-content/uploads/2022/02/CISA-3.jpg)\n\nWith Qualys Unified Dashboard, you can track your exposure to CISA Known Exploited Vulnerabilities and track your status and overall management in real-time. With dashboard widgets, you can keep track of the status of vulnerabilities in your environment using the [\u201cCISA 2010-21| KNOWN EXPLOITED VULNERABILITIES\u201d](<https://success.qualys.com/support/s/article/000006791>) Dashboard.\n\n### Detailed Operational Dashboard\n\n![](https://blog.qualys.com/wp-content/uploads/2022/02/CISA-4-scaled.jpg)\n\n### Remediation\n\nTo comply with this directive, federal agencies need to remediate all vulnerabilities as per the remediation timelines suggested in [CISA Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>)**.**\n\nQualys patch content covers many Microsoft, Linux, and third-party applications. However, some of the vulnerabilities introduced by CISA are not currently supported out-of-the-box by Qualys. To remediate those vulnerabilities, Qualys provides the ability to deploy custom patches. The flexibility to customize patch deployment allows customers to patch all the remaining CVEs in their list.\n\nCustomers can copy the following query into the Patch Management app to help customers comply with the directive\u2019s aggressive remediation timelines set by CISA. Running this query for specific CVEs will find required patches and allow quick and efficient deployment of those missing patches to all assets directly from within Qualys Cloud Platform.\n \n \n cve:[`CVE-2010-5326`,`CVE-2012-0158`,`CVE-2012-0391`,`CVE-2012-3152`,`CVE-2013-3900`,`CVE-2013-3906`,`CVE-2014-1761`,`CVE-2014-1776`,`CVE-2014-1812`,`CVE-2015-1635`,`CVE-2015-1641`,`CVE-2015-4852`,`CVE-2016-0167`,`CVE-2016-0185`,`CVE-2016-3088`,`CVE-2016-3235`,`CVE-2016-3643`,`CVE-2016-3976`,`CVE-2016-7255`,`CVE-2016-9563`,`CVE-2017-0143`,`CVE-2017-0144`,`CVE-2017-0145`,`CVE-2017-0199`,`CVE-2017-0262`,`CVE-2017-0263`,`CVE-2017-10271`,`CVE-2017-11774`,`CVE-2017-11882`,`CVE-2017-5638`,`CVE-2017-5689`,`CVE-2017-6327`,`CVE-2017-7269`,`CVE-2017-8464`,`CVE-2017-8759`,`CVE-2017-9791`,`CVE-2017-9805`,`CVE-2017-9841`,`CVE-2018-0798`,`CVE-2018-0802`,`CVE-2018-1000861`,`CVE-2018-11776`,`CVE-2018-15961`,`CVE-2018-15982`,`CVE-2018-2380`,`CVE-2018-4878`,`CVE-2018-4939`,`CVE-2018-6789`,`CVE-2018-7600`,`CVE-2018-8174`,`CVE-2018-8453`,`CVE-2018-8653`,`CVE-2019-0193`,`CVE-2019-0211`,`CVE-2019-0541`,`CVE-2019-0604`,`CVE-2019-0708`,`CVE-2019-0752`,`CVE-2019-0797`,`CVE-2019-0803`,`CVE-2019-0808`,`CVE-2019-0859`,`CVE-2019-0863`,`CVE-2019-10149`,`CVE-2019-10758`,`CVE-2019-11510`,`CVE-2019-11539`,`CVE-2019-1214`,`CVE-2019-1215`,`CVE-2019-1367`,`CVE-2019-1429`,`CVE-2019-1458`,`CVE-2019-16759`,`CVE-2019-17026`,`CVE-2019-17558`,`CVE-2019-18187`,`CVE-2019-18988`,`CVE-2019-2725`,`CVE-2019-8394`,`CVE-2019-9978`,`CVE-2020-0601`,`CVE-2020-0646`,`CVE-2020-0674`,`CVE-2020-0683`,`CVE-2020-0688`,`CVE-2020-0787`,`CVE-2020-0796`,`CVE-2020-0878`,`CVE-2020-0938`,`CVE-2020-0968`,`CVE-2020-0986`,`CVE-2020-10148`,`CVE-2020-10189`,`CVE-2020-1020`,`CVE-2020-1040`,`CVE-2020-1054`,`CVE-2020-1147`,`CVE-2020-11738`,`CVE-2020-11978`,`CVE-2020-1350`,`CVE-2020-13671`,`CVE-2020-1380`,`CVE-2020-13927`,`CVE-2020-1464`,`CVE-2020-1472`,`CVE-2020-14750`,`CVE-2020-14871`,`CVE-2020-14882`,`CVE-2020-14883`,`CVE-2020-15505`,`CVE-2020-15999`,`CVE-2020-16009`,`CVE-2020-16010`,`CVE-2020-16013`,`CVE-2020-16017`,`CVE-2020-17087`,`CVE-2020-17144`,`CVE-2020-17496`,`CVE-2020-17530`,`CVE-2020-24557`,`CVE-2020-25213`,`CVE-2020-2555`,`CVE-2020-6207`,`CVE-2020-6287`,`CVE-2020-6418`,`CVE-2020-6572`,`CVE-2020-6819`,`CVE-2020-6820`,`CVE-2020-8243`,`CVE-2020-8260`,`CVE-2020-8467`,`CVE-2020-8468`,`CVE-2020-8599`,`CVE-2021-1647`,`CVE-2021-1675`,`CVE-2021-1732`,`CVE-2021-21017`,`CVE-2021-21148`,`CVE-2021-21166`,`CVE-2021-21193`,`CVE-2021-21206`,`CVE-2021-21220`,`CVE-2021-21224`,`CVE-2021-22204`,`CVE-2021-22893`,`CVE-2021-22894`,`CVE-2021-22899`,`CVE-2021-22900`,`CVE-2021-26411`,`CVE-2021-26855`,`CVE-2021-26857`,`CVE-2021-26858`,`CVE-2021-27059`,`CVE-2021-27065`,`CVE-2021-27085`,`CVE-2021-28310`,`CVE-2021-28550`,`CVE-2021-30116`,`CVE-2021-30551`,`CVE-2021-30554`,`CVE-2021-30563`,`CVE-2021-30632`,`CVE-2021-30633`,`CVE-2021-31199`,`CVE-2021-31201`,`CVE-2021-31207`,`CVE-2021-31955`,`CVE-2021-31956`,`CVE-2021-31979`,`CVE-2021-33739`,`CVE-2021-33742`,`CVE-2021-33766`,`CVE-2021-33771`,`CVE-2021-34448`,`CVE-2021-34473`,`CVE-2021-34523`,`CVE-2021-34527`,`CVE-2021-35211`,`CVE-2021-35247`,`CVE-2021-36741`,`CVE-2021-36742`,`CVE-2021-36934`,`CVE-2021-36942`,`CVE-2021-36948`,`CVE-2021-36955`,`CVE-2021-37415`,`CVE-2021-37973`,`CVE-2021-37975`,`CVE-2021-37976`,`CVE-2021-38000`,`CVE-2021-38003`,`CVE-2021-38645`,`CVE-2021-38647`,`CVE-2021-38648`,`CVE-2021-38649`,`CVE-2021-40438`,`CVE-2021-40444`,`CVE-2021-40449`,`CVE-2021-40539`,`CVE-2021-4102`,`CVE-2021-41773`,`CVE-2021-42013`,`CVE-2021-42292`,`CVE-2021-42321`,`CVE-2021-43890`,`CVE-2021-44077`,`CVE-2021-44228`,`CVE-2021-44515`,`CVE-2022-0609`,`CVE-2022-21882`,`CVE-2022-24086`,`CVE-2010-1871`,`CVE-2017-12149`,`CVE-2019-13272` ]\n\n![](https://blog.qualys.com/wp-content/uploads/2022/02/patch-mgmt-windows2.jpg)\n\nVulnerabilities can be validated through VMDR and a Patch Job can be configured for vulnerable assets.\n\n![](https://blog.qualys.com/wp-content/uploads/2022/02/CISA-6.jpg)\n\n### Federal Enterprises and Agencies Can Act Now\n\nFor federal agencies and enterprises, it\u2019s a race against time to remediate these vulnerabilities across their respective environments and achieve compliance with this binding directive. Qualys solutions can help your organization to achieve compliance with this binding directive. Qualys Cloud Platform is FedRAMP authorized, with [107 FedRAMP authorizations](<https://marketplace.fedramp.gov/#!/product/qualys-cloud-platform?sort=-authorizations>) to our credit.\n\nHere are a few steps Federal entities can take immediately:\n\n * Run vulnerability assessments against all of your assets by leveraging our various sensors such as Qualys agent, scanners, and more\n * Prioritize remediation by due dates\n * Identify all vulnerable assets automatically mapped into the threat feed\n * Use Qualys Patch Management to apply patches and other configuration changes\n * Track remediation progress through our Unified Dashboards\n\n### Summary\n\nUnderstanding just which vulnerabilities exist in your environment is a critical but small part of threat mitigation. Qualys VMDR helps customers discover their exposure, assess threats, assign risk, and remediate threats \u2013 all in a single unified solution. Qualys customers rely on the accuracy of Qualys\u2019 threat intelligence to protect their digital environments and stay current with patch guidance. Using Qualys VMDR can help any size organization efficiently respond to CISA Binding Operational Directive 22-01.\n\n#### Getting Started\n\nLearn how [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>) provides actionable vulnerability guidance and automates remediation in one solution. Ready to get started? Sign up for a 30-day, no-cost [VMDR trial](<https://www.qualys.com/forms/vmdr/>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2022-02-23T05:39:00", "type": "qualysblog", "title": "Managing CISA Known Exploited Vulnerabilities with Qualys VMDR", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1871", "CVE-2010-5326", "CVE-2012-0158", "CVE-2012-0391", "CVE-2012-3152", "CVE-2013-3900", "CVE-2013-3906", "CVE-2014-1761", "CVE-2014-1776", "CVE-2014-1812", "CVE-2015-1635", "CVE-2015-1641", "CVE-2015-4852", "CVE-2016-0167", "CVE-2016-0185", "CVE-2016-3088", "CVE-2016-3235", "CVE-2016-3643", "CVE-2016-3976", "CVE-2016-7255", "CVE-2016-9563", "CVE-2017-0143", "CVE-2017-0144", "CVE-2017-0145", "CVE-2017-0199", "CVE-2017-0262", "CVE-2017-0263", "CVE-2017-10271", "CVE-2017-11774", "CVE-2017-11882", "CVE-2017-12149", "CVE-2017-5638", "CVE-2017-5689", "CVE-2017-6327", "CVE-2017-7269", "CVE-2017-8464", "CVE-2017-8759", "CVE-2017-9791", "CVE-2017-9805", "CVE-2017-9841", "CVE-2018-0798", "CVE-2018-0802", "CVE-2018-1000861", "CVE-2018-11776", "CVE-2018-15961", "CVE-2018-15982", "CVE-2018-2380", "CVE-2018-4878", "CVE-2018-4939", "CVE-2018-6789", "CVE-2018-7600", "CVE-2018-8174", "CVE-2018-8453", "CVE-2018-8653", "CVE-2019-0193", "CVE-2019-0211", "CVE-2019-0541", "CVE-2019-0604", "CVE-2019-0708", "CVE-2019-0752", "CVE-2019-0797", "CVE-2019-0803", "CVE-2019-0808", "CVE-2019-0859", "CVE-2019-0863", "CVE-2019-10149", "CVE-2019-10758", "CVE-2019-11510", "CVE-2019-11539", "CVE-2019-1214", "CVE-2019-1215", "CVE-2019-13272", "CVE-2019-1367", "CVE-2019-1429", "CVE-2019-1458", "CVE-2019-16759", "CVE-2019-17026", "CVE-2019-17558", "CVE-2019-18187", "CVE-2019-18988", "CVE-2019-2725", "CVE-2019-8394", "CVE-2019-9978", "CVE-2020-0601", "CVE-2020-0646", "CVE-2020-0674", "CVE-2020-0683", "CVE-2020-0688", "CVE-2020-0787", "CVE-2020-0796", "CVE-2020-0878", "CVE-2020-0938", "CVE-2020-0968", "CVE-2020-0986", "CVE-2020-10148", "CVE-2020-10189", "CVE-2020-1020", "CVE-2020-1040", "CVE-2020-1054", "CVE-2020-1147", "CVE-2020-11738", "CVE-2020-11978", "CVE-2020-1350", "CVE-2020-13671", "CVE-2020-1380", "CVE-2020-13927", "CVE-2020-1464", "CVE-2020-1472", "CVE-2020-14750", "CVE-2020-14871", "CVE-2020-14882", "CVE-2020-14883", "CVE-2020-15505", "CVE-2020-15999", "CVE-2020-16009", "CVE-2020-16010", "CVE-2020-16013", "CVE-2020-16017", "CVE-2020-17087", "CVE-2020-17144", "CVE-2020-17496", "CVE-2020-17530", "CVE-2020-24557", "CVE-2020-25213", "CVE-2020-2555", "CVE-2020-6207", "CVE-2020-6287", "CVE-2020-6418", "CVE-2020-6572", "CVE-2020-6819", "CVE-2020-6820", "CVE-2020-8243", "CVE-2020-8260", "CVE-2020-8467", "CVE-2020-8468", "CVE-2020-8599", "CVE-2021-1647", "CVE-2021-1675", "CVE-2021-1732", "CVE-2021-21017", "CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-22204", "CVE-2021-22893", "CVE-2021-22894", "CVE-2021-22899", "CVE-2021-22900", "CVE-2021-26411", "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27059", "CVE-2021-27065", "CVE-2021-27085", "CVE-2021-28310", "CVE-2021-28550", "CVE-2021-30116", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31207", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31979", "CVE-2021-33739", "CVE-2021-33742", "CVE-2021-33766", "CVE-2021-33771", "CVE-2021-34448", "CVE-2021-34473", "CVE-2021-34523", "CVE-2021-34527", "CVE-2021-35211", "CVE-2021-35247", "CVE-2021-36741", "CVE-2021-36742", "CVE-2021-36934", "CVE-2021-36942", "CVE-2021-36948", "CVE-2021-36955", "CVE-2021-37415", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-38000", "CVE-2021-38003", "CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649", "CVE-2021-40438", "CVE-2021-40444", "CVE-2021-40449", "CVE-2021-40539", "CVE-2021-4102", "CVE-2021-41773", "CVE-2021-42013", "CVE-2021-42292", "CVE-2021-42321", "CVE-2021-43890", "CVE-2021-44077", "CVE-2021-44228", "CVE-2021-44515", "CVE-2022-0609", "CVE-2022-21882", "CVE-2022-24086"], "modified": "2022-02-23T05:39:00", "id": "QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "href": "https://blog.qualys.com/category/product-tech", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}