Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-5440.NASL
HistoryJun 29, 2023 - 12:00 a.m.

Debian DSA-5440-1 : chromium - security update

2023-06-2900:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
debian
chromium
security update
vulnerabilities
remote attack
heap corruption
html
nessus

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.011

Percentile

85.0%

JSON

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5440 advisory.

  • Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3420)

  • Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3421)

  • Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
    (Chromium security severity: High) (CVE-2023-3422)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dsa-5440. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(177713);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/20");

  script_cve_id("CVE-2023-3420", "CVE-2023-3421", "CVE-2023-3422");
  script_xref(name:"IAVA", value:"2023-A-0324-S");

  script_name(english:"Debian DSA-5440-1 : chromium - security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dsa-5440 advisory.

  - Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially
    exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3420)

  - Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially
    exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3421)

  - Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a
    user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
    (Chromium security severity: High) (CVE-2023-3422)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/chromium");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2023/dsa-5440");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-3420");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-3421");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-3422");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bullseye/chromium");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bookworm/chromium");
  script_set_attribute(attribute:"solution", value:
"Upgrade the chromium packages.

For the stable distribution (bookworm), these problems have been fixed in version 114.0.5735.198-1~deb12u1.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-3422");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/06/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/06/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/06/29");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium-driver");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium-l10n");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium-sandbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium-shell");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(11)\.[0-9]+|^(12)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0 / 12.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '11.0', 'prefix': 'chromium', 'reference': '114.0.5735.198-1~deb11u1'},
    {'release': '11.0', 'prefix': 'chromium-common', 'reference': '114.0.5735.198-1~deb11u1'},
    {'release': '11.0', 'prefix': 'chromium-driver', 'reference': '114.0.5735.198-1~deb11u1'},
    {'release': '11.0', 'prefix': 'chromium-l10n', 'reference': '114.0.5735.198-1~deb11u1'},
    {'release': '11.0', 'prefix': 'chromium-sandbox', 'reference': '114.0.5735.198-1~deb11u1'},
    {'release': '11.0', 'prefix': 'chromium-shell', 'reference': '114.0.5735.198-1~deb11u1'},
    {'release': '12.0', 'prefix': 'chromium', 'reference': '114.0.5735.198-1~deb12u1'},
    {'release': '12.0', 'prefix': 'chromium-common', 'reference': '114.0.5735.198-1~deb12u1'},
    {'release': '12.0', 'prefix': 'chromium-driver', 'reference': '114.0.5735.198-1~deb12u1'},
    {'release': '12.0', 'prefix': 'chromium-l10n', 'reference': '114.0.5735.198-1~deb12u1'},
    {'release': '12.0', 'prefix': 'chromium-sandbox', 'reference': '114.0.5735.198-1~deb12u1'},
    {'release': '12.0', 'prefix': 'chromium-shell', 'reference': '114.0.5735.198-1~deb12u1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var _release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (_release && prefix && reference) {
    if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium / chromium-common / chromium-driver / chromium-l10n / etc');
}

Related

osv 7
openvas 8
chrome 1
freebsd 3
nessus 11
kaspersky 3
debian 1
fedora 2
mscve 3
nvd 3
debiancve 3
veracode 3
cve 3
cvelist 3
ubuntucve 3
prion 3
talos 1
talosblog 3
thn 1
github 1
gentoo 1
osv
osv
chromedriver-114.0.5735.198-1.1 on GA media
2024-06-15 00:00:00
chromium - security update
2023-06-28 00:00:00
CVE-2023-3420
2023-06-26 21:15:09
openvas
openvas
Debian: Security Advisory (DSA-5440-1)
2023-06-29 00:00:00
Google Chrome Security Updates (stable-channel-update-for-desktop_26-2023-06) - Linux
2023-06-27 00:00:00
Google Chrome Security Updates (stable-channel-update-for-desktop_26-2023-06) - Mac OS X
2023-06-27 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2023-06-26 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2023-06-26 00:00:00
electron{23,24} -- multiple vulnerabilities
2023-07-05 00:00:00
electron22 -- multiple vulnerabilities
2023-07-12 00:00:00
nessus
nessus
FreeBSD : chromium -- multiple vulnerabilities (ad05a737-14bd-11ee-8290-a8a1599412c6)
2023-06-27 00:00:00
FreeBSD : electron22 -- multiple vulnerabilities (3446e45d-a51b-486f-9b0e-e4402d91fed6)
2023-07-14 00:00:00
Google Chrome < 114.0.5735.198 Multiple Vulnerabilities
2023-06-26 00:00:00
kaspersky
kaspersky
KLA50530 Multiple vulnerabilities in Opera
2023-06-29 00:00:00
KLA50556 Multiple vulnerabilities in Microsoft Browser
2023-06-29 00:00:00
KLA50500 Multiple vulnerabilities in Google Chrome
2023-06-26 00:00:00
debian
debian
[SECURITY] [DSA 5440-1] chromium security update
2023-06-28 18:27:48
fedora
fedora
[SECURITY] Fedora 37 Update: chromium-114.0.5735.198-1.fc37
2023-07-04 01:48:28
[SECURITY] Fedora 38 Update: chromium-114.0.5735.198-1.fc38
2023-07-03 01:29:24
mscve
mscve
Chromium: CVE-2023-3421 Use after free in Media
2023-06-29 22:02:51
Chromium: CVE-2023-3420 Type Confusion in V8
2023-06-29 22:02:46
Chromium: CVE-2023-3422 Use after free in Guest View
2023-06-29 22:02:55
nvd
nvd
CVE-2023-3421
2023-06-26 21:15:09
CVE-2023-3420
2023-06-26 21:15:09
CVE-2023-3422
2023-06-26 21:15:09
debiancve
debiancve
CVE-2023-3420
2023-06-26 21:15:09
CVE-2023-3421
2023-06-26 21:15:09
CVE-2023-3422
2023-06-26 21:15:09
veracode
veracode
Type Confusion
2023-07-03 08:57:57
Use After Free
2023-07-03 08:58:36
Use After Free
2023-07-03 08:55:52
cve
cve
CVE-2023-3420
2023-06-26 21:15:09
CVE-2023-3421
2023-06-26 21:15:09
CVE-2023-3422
2023-06-26 21:15:09
cvelist
cvelist
CVE-2023-3420
2023-06-26 20:40:11
CVE-2023-3421
2023-06-26 20:40:12
CVE-2023-3422
2023-06-26 20:40:12
ubuntucve
ubuntucve
CVE-2023-3421
2023-06-26 00:00:00
CVE-2023-3422
2023-06-26 00:00:00
CVE-2023-3420
2023-06-26 00:00:00
prion
prion
Design/Logic Flaw
2023-06-26 21:15:00
Design/Logic Flaw
2023-06-26 21:15:00
Type confusion
2023-06-26 21:15:00
talos
talos
Google Chrome VideoEncoder av1_svc_check_reset_layer_rc_flag use-after-free vulnerability
2023-09-25 00:00:00
talosblog
talosblog
Vulnerability in Tencent WeChat custom browser could lead to remote code execution
2024-09-06 10:00:02
The security pitfalls of social media sites offering ID-based authentication
2023-09-28 18:00:11
10 new vulnerabilities disclosed by Talos, including use-after-free issue in Google Chrome
2023-09-27 16:00:29
thn
thn
libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks
2023-10-10 06:50:00
github
github
Getting RCE in Chrome with incorrect side effect in the JIT compiler
2023-09-26 15:00:54
gentoo
gentoo
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
2024-01-31 00:00:00

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.011

Percentile

85.0%

JSON
Related for DEBIAN_DSA-5440.NASL
osv7openvas8chrome1freebsd3nessus11kaspersky3debian1fedora2mscve3nvd3debiancve3veracode3cve3cvelist3ubuntucve3prion3talos1talosblog3thn1github1gentoo1