Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-5456.NASLHistoryJul 20, 2023 - 12:00 a.m.
Debian DSA-5456-1 : chromium - security update
2023-07-2000:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
debian
chromium
security update
use after free
out of bounds memory access
inappropriate implementation
insufficient validation
webrtc
tab groups
mojo
webapp installs
picture in picture
web api permission prompts
custom tabs
notifications
autofill
themes
vulnerabilities
nessus
self-reported version.
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5456 advisory.
-
Use after free in WebRTC. (CVE-2023-3727, CVE-2023-3728)
-
Use after free in Tab Groups. (CVE-2023-3730)
-
Out of bounds memory access in Mojo. (CVE-2023-3732)
-
Inappropriate implementation in WebApp Installs. (CVE-2023-3733)
-
Inappropriate implementation in Picture In Picture. (CVE-2023-3734)
-
Inappropriate implementation in Web API Permission Prompts. (CVE-2023-3735)
-
Inappropriate implementation in Custom Tabs. (CVE-2023-3736)
-
Inappropriate implementation in Notifications. (CVE-2023-3737)
-
Inappropriate implementation in Autofill. (CVE-2023-3738)
-
Insufficient validation of untrusted input in Themes. (CVE-2023-3740)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dsa-5456. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('compat.inc');
if (description)
{
script_id(178687);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/07");
script_cve_id(
"CVE-2023-3727",
"CVE-2023-3728",
"CVE-2023-3730",
"CVE-2023-3732",
"CVE-2023-3733",
"CVE-2023-3734",
"CVE-2023-3735",
"CVE-2023-3736",
"CVE-2023-3737",
"CVE-2023-3738",
"CVE-2023-3740"
);
script_xref(name:"IAVA", value:"2023-A-0375-S");
script_name(english:"Debian DSA-5456-1 : chromium - security update");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
script_set_attribute(attribute:"description", value:
"The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dsa-5456 advisory.
- Use after free in WebRTC. (CVE-2023-3727, CVE-2023-3728)
- Use after free in Tab Groups. (CVE-2023-3730)
- Out of bounds memory access in Mojo. (CVE-2023-3732)
- Inappropriate implementation in WebApp Installs. (CVE-2023-3733)
- Inappropriate implementation in Picture In Picture. (CVE-2023-3734)
- Inappropriate implementation in Web API Permission Prompts. (CVE-2023-3735)
- Inappropriate implementation in Custom Tabs. (CVE-2023-3736)
- Inappropriate implementation in Notifications. (CVE-2023-3737)
- Inappropriate implementation in Autofill. (CVE-2023-3738)
- Insufficient validation of untrusted input in Themes. (CVE-2023-3740)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/chromium");
script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2023/dsa-5456");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-3727");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-3728");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-3730");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-3732");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-3733");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-3734");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-3735");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-3736");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-3737");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-3738");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-3740");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bullseye/chromium");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bookworm/chromium");
script_set_attribute(attribute:"solution", value:
"Upgrade the chromium packages.
For the stable distribution (bookworm), these problems have been fixed in version 115.0.5790.98-1~deb12u1.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-3732");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/07/18");
script_set_attribute(attribute:"patch_publication_date", value:"2023/07/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium-driver");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium-l10n");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium-sandbox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium-shell");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(11)\.[0-9]+|^(12)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0 / 12.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);
var pkgs = [
{'release': '11.0', 'prefix': 'chromium', 'reference': '115.0.5790.98-1~deb11u1'},
{'release': '11.0', 'prefix': 'chromium-common', 'reference': '115.0.5790.98-1~deb11u1'},
{'release': '11.0', 'prefix': 'chromium-driver', 'reference': '115.0.5790.98-1~deb11u1'},
{'release': '11.0', 'prefix': 'chromium-l10n', 'reference': '115.0.5790.98-1~deb11u1'},
{'release': '11.0', 'prefix': 'chromium-sandbox', 'reference': '115.0.5790.98-1~deb11u1'},
{'release': '11.0', 'prefix': 'chromium-shell', 'reference': '115.0.5790.98-1~deb11u1'},
{'release': '12.0', 'prefix': 'chromium', 'reference': '115.0.5790.98-1~deb12u1'},
{'release': '12.0', 'prefix': 'chromium-common', 'reference': '115.0.5790.98-1~deb12u1'},
{'release': '12.0', 'prefix': 'chromium-driver', 'reference': '115.0.5790.98-1~deb12u1'},
{'release': '12.0', 'prefix': 'chromium-l10n', 'reference': '115.0.5790.98-1~deb12u1'},
{'release': '12.0', 'prefix': 'chromium-sandbox', 'reference': '115.0.5790.98-1~deb12u1'},
{'release': '12.0', 'prefix': 'chromium-shell', 'reference': '115.0.5790.98-1~deb12u1'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var _release = NULL;
var prefix = NULL;
var reference = NULL;
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (_release && prefix && reference) {
if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : deb_report_get()
);
exit(0);
}
else
{
var tested = deb_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium / chromium-common / chromium-driver / chromium-l10n / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | chromium | p-cpe:/a:debian:debian_linux:chromium |
| debian | debian_linux | chromium-common | p-cpe:/a:debian:debian_linux:chromium-common |
| debian | debian_linux | chromium-driver | p-cpe:/a:debian:debian_linux:chromium-driver |
| debian | debian_linux | chromium-l10n | p-cpe:/a:debian:debian_linux:chromium-l10n |
| debian | debian_linux | chromium-sandbox | p-cpe:/a:debian:debian_linux:chromium-sandbox |
| debian | debian_linux | chromium-shell | p-cpe:/a:debian:debian_linux:chromium-shell |
| debian | debian_linux | 11.0 | cpe:/o:debian:debian_linux:11.0 |
| debian | debian_linux | 12.0 | cpe:/o:debian:debian_linux:12.0 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3727
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3728
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3730
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3732
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3733
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3734
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3735
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3736
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3737
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3738
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3740
packages.debian.org/source/bookworm/chromium
packages.debian.org/source/bullseye/chromium
security-tracker.debian.org/tracker/CVE-2023-3727
security-tracker.debian.org/tracker/CVE-2023-3728
security-tracker.debian.org/tracker/CVE-2023-3730
security-tracker.debian.org/tracker/CVE-2023-3732
security-tracker.debian.org/tracker/CVE-2023-3733
security-tracker.debian.org/tracker/CVE-2023-3734
security-tracker.debian.org/tracker/CVE-2023-3735
security-tracker.debian.org/tracker/CVE-2023-3736
security-tracker.debian.org/tracker/CVE-2023-3737
security-tracker.debian.org/tracker/CVE-2023-3738
security-tracker.debian.org/tracker/CVE-2023-3740
security-tracker.debian.org/tracker/source-package/chromium
www.debian.org/security/2023/dsa-5456
Related
kaspersky
kaspersky
KLA51005 Multiple vulnerabilities in Google Chrome
2023-07-18 00:00:00
KLA51267 Multiple vulnerabilities in Microsoft Browser
2023-07-21 00:00:00
openvas
openvas
nessus
nessus
FreeBSD : chromium -- multiple vulnerabilities (2f22927f-26ea-11ee-8290-a8a1599412c6)
2023-07-20 00:00:00
Google Chrome < 115.0.5790.98 Multiple Vulnerabilities
2023-07-18 00:00:00
Google Chrome < 115.0.5790.98 Multiple Vulnerabilities
2023-07-18 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2023-07-19 00:00:00
electron{22,23,24,25} -- multiple vulnerabilities
2023-08-02 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2023-07-18 00:00:00
mscve
mscve
Chromium: CVE-2023-3727 Use after free in WebRTC
2023-07-21 07:00:00
Chromium: CVE-2023-3728 Use after free in WebRTC
2023-07-21 07:00:00
Chromium: CVE-2023-3734 Inappropriate implementation in Picture In Picture
2023-07-21 07:00:00
debiancve
debiancve
veracode
veracode
Use After Free
2023-08-06 07:12:57
Authorization Bypass
2023-08-06 07:12:36
Use After Free
2023-08-06 07:12:51
cve
cve
cvelist
cvelist
ubuntucve
ubuntucve
prion
prion
Design/Logic Flaw
2023-08-01 23:15:00
Design/Logic Flaw
2023-08-01 23:15:00
Design/Logic Flaw
2023-08-01 23:15:00
fedora
fedora
[SECURITY] Fedora 38 Update: chromium-115.0.5790.170-1.fc38
2023-08-12 04:26:44
gentoo
gentoo
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
2024-01-31 00:00:00
Related for DEBIAN_DSA-5456.NASL