Lucene search

K
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2023-EA7128B5CE.NASL
HistoryAug 12, 2023 - 12:00 a.m.

Fedora 38 : chromium (2023-ea7128b5ce)

2023-08-1200:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
81
fedora 38
chromium
vulnerabilities
file system
content security policy
heap corruption
arbitrary read/write
domain spoofing

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.028

Percentile

90.9%

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ea7128b5ce advisory.

  • Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2022-3443)

  • Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. (Chromium security severity: Low) (CVE-2022-3444)

  • Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) (CVE-2022-4911)

  • Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4912)

  • Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page.
    (Chromium security severity: High) (CVE-2022-4913)

  • Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4914)

  • Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
    (CVE-2022-2477)

  • Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2478)

  • Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. (CVE-2022-2479)

  • Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)

  • Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.
    (CVE-2022-2481)

  • Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4915)

  • Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4916)

  • Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity:
    Low) (CVE-2022-4917)

  • Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4918)

  • Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1919)

  • Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4919)

  • Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4920)

  • Use after free in Accessibility in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low) (CVE-2022-4921)

  • Inappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4922)

  • Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic. (Chromium security severity: Low) (CVE-2022-4923)

  • Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    (Chromium security severity: High) (CVE-2022-4924)

  • Insufficient validation of untrusted input in QUIC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform header splitting via malicious network traffic. (Chromium security severity: Low) (CVE-2022-4925)

  • Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4926)

  • Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to spoof browser UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2021-4316)

  • Use after free in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2021-4317)

  • Object corruption in Blink in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2021-4318)

  • Use after free in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2021-4319)

  • Use after free in Blink in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2021-4320)

  • Policy bypass in Blink in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) (CVE-2021-4321)

  • Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2021-4322)

  • Insufficient validation of untrusted input in Extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to access local files via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2021-4323)

  • Insufficient policy enforcement in Google Update in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to read arbitrary files via a malicious file. (Chromium security severity: Medium) (CVE-2021-4324)

  • Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4068, CVE-2023-4070)

  • Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4069)

  • Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4071)

  • Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4072)

  • Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:
    High) (CVE-2023-4073)

  • Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4074)

  • Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4075)

  • Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High) (CVE-2023-4076)

  • Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4077)

  • Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4078)

  • Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3727, CVE-2023-3728)

  • Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3730)

  • Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
    (Chromium security severity: High) (CVE-2023-3732)

  • Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-3733)

  • Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
    (Chromium security severity: Medium) (CVE-2023-3734)

  • Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-3735)

  • Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 115.0.5790.98 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-3736)

  • Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-3737)

  • Inappropriate implementation in Autofill in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-3738)

  • Insufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially serve malicious content to a user via a crafted background URL. (Chromium security severity: Low) (CVE-2023-3740)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2023-ea7128b5ce
#

include('compat.inc');

if (description)
{
  script_id(179714);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/23");

  script_cve_id(
    "CVE-2021-4316",
    "CVE-2021-4317",
    "CVE-2021-4318",
    "CVE-2021-4319",
    "CVE-2021-4320",
    "CVE-2021-4321",
    "CVE-2021-4322",
    "CVE-2021-4323",
    "CVE-2021-4324",
    "CVE-2022-1919",
    "CVE-2022-2477",
    "CVE-2022-2478",
    "CVE-2022-2479",
    "CVE-2022-2480",
    "CVE-2022-2481",
    "CVE-2022-3443",
    "CVE-2022-3444",
    "CVE-2022-4911",
    "CVE-2022-4912",
    "CVE-2022-4913",
    "CVE-2022-4914",
    "CVE-2022-4915",
    "CVE-2022-4916",
    "CVE-2022-4917",
    "CVE-2022-4918",
    "CVE-2022-4919",
    "CVE-2022-4920",
    "CVE-2022-4921",
    "CVE-2022-4922",
    "CVE-2022-4923",
    "CVE-2022-4924",
    "CVE-2022-4925",
    "CVE-2022-4926",
    "CVE-2023-3727",
    "CVE-2023-3728",
    "CVE-2023-3730",
    "CVE-2023-3732",
    "CVE-2023-3733",
    "CVE-2023-3734",
    "CVE-2023-3735",
    "CVE-2023-3736",
    "CVE-2023-3737",
    "CVE-2023-3738",
    "CVE-2023-3740",
    "CVE-2023-4068",
    "CVE-2023-4069",
    "CVE-2023-4070",
    "CVE-2023-4071",
    "CVE-2023-4072",
    "CVE-2023-4073",
    "CVE-2023-4074",
    "CVE-2023-4075",
    "CVE-2023-4076",
    "CVE-2023-4077",
    "CVE-2023-4078"
  );
  script_xref(name:"FEDORA", value:"2023-ea7128b5ce");

  script_name(english:"Fedora 38 : chromium (2023-ea7128b5ce)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2023-ea7128b5ce advisory.

  - Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote
    attacker to bypass File System restrictions via a crafted HTML page. (Chromium security severity: Low)
    (CVE-2022-3443)

  - Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote
    attacker to bypass File System restrictions via a crafted HTML page and malicious file. (Chromium security
    severity: Low) (CVE-2022-3444)

  - Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker
    to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
    (CVE-2022-4911)

  - Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially
    exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4912)

  - Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote
    attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page.
    (Chromium security severity: High) (CVE-2022-4913)

  - Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who
    convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted
    HTML page. (Chromium security severity: Medium) (CVE-2022-4914)

  - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a
    user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
    (CVE-2022-2477)

  - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially
    exploit heap corruption via a crafted HTML page. (CVE-2022-2478)

  - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134
    allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive
    information from internal file directories via a crafted HTML page. (CVE-2022-2479)

  - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to
    potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)

  - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a
    user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.
    (CVE-2022-2481)

  - Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote
    attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
    (CVE-2022-4915)

  - Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform
    arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4916)

  - Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote
    attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity:
    Low) (CVE-2022-4917)

  - Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform
    arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4918)

  - Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially
    exploit heap corruption via a crafted HTML page. (CVE-2022-1919)

  - Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to
    perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4919)

  - Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who
    convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted
    HTML page. (Chromium security severity: High) (CVE-2022-4920)

  - Use after free in Accessibility in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who
    convinced a user to engage in specific UI gestures to perform arbitrary read/write via a crafted HTML
    page. (Chromium security severity: Low) (CVE-2022-4921)

  - Inappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to
    perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4922)

  - Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a
    privileged network position to perform a man-in-the-middle attack via malicious network traffic. (Chromium
    security severity: Low) (CVE-2022-4923)

  - Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had
    compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    (Chromium security severity: High) (CVE-2022-4924)

  - Insufficient validation of untrusted input in QUIC in Google Chrome prior to 97.0.4692.71 allowed a remote
    attacker to perform header splitting via malicious network traffic. (Chromium security severity: Low)
    (CVE-2022-4925)

  - Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a
    remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
    (CVE-2022-4926)

  - Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker
    to spoof browser UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2021-4316)

  - Use after free in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform
    arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2021-4317)

  - Object corruption in Blink in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially
    exploit object corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2021-4318)

  - Use after free in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to perform
    arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2021-4319)

  - Use after free in Blink in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had
    compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium
    security severity: High) (CVE-2021-4320)

  - Policy bypass in Blink in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content
    security policy via a crafted HTML page. (Chromium security severity: Low) (CVE-2021-4321)

  - Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user
    to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium
    security severity: Medium) (CVE-2021-4322)

  - Insufficient validation of untrusted input in Extensions in Google Chrome prior to 90.0.4430.72 allowed an
    attacker who convinced a user to install a malicious extension to access local files via a crafted Chrome
    Extension. (Chromium security severity: Medium) (CVE-2021-4323)

  - Insufficient policy enforcement in Google Update in Google Chrome prior to 90.0.4430.93 allowed a remote
    attacker to read arbitrary files via a malicious file. (Chromium security severity: Medium)
    (CVE-2021-4324)

  - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform
    arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4068,
    CVE-2023-4070)

  - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially
    exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4069)

  - Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to
    potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
    (CVE-2023-4071)

  - Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker
    to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
    (CVE-2023-4072)

  - Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote
    attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:
    High) (CVE-2023-4073)

  - Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker
    to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
    (CVE-2023-4074)

  - Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially
    exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4075)

  - Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially
    exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High) (CVE-2023-4076)

  - Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker
    who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via
    a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4077)

  - Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker
    who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via
    a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4078)

  - Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially
    exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3727,
    CVE-2023-3728)

  - Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who
    convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a
    crafted HTML page. (Chromium security severity: High) (CVE-2023-3730)

  - Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who
    had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
    (Chromium security severity: High) (CVE-2023-3732)

  - Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote
    attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium
    security severity: Medium) (CVE-2023-3733)

  - Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a
    remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
    (Chromium security severity: Medium) (CVE-2023-3734)

  - Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed
    a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
    (CVE-2023-3735)

  - Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 115.0.5790.98 allowed a
    remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
    (CVE-2023-3736)

  - Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote
    attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium security
    severity: Medium) (CVE-2023-3737)

  - Inappropriate implementation in Autofill in Google Chrome prior to 115.0.5790.98 allowed a remote attacker
    to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-3738)

  - Insufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98 allowed a
    remote attacker to potentially serve malicious content to a user via a crafted background URL. (Chromium
    security severity: Low) (CVE-2023-3740)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2023-ea7128b5ce");
  script_set_attribute(attribute:"solution", value:
"Update the affected chromium package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-4078");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-4924");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/05/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/08/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:38");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chromium");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');
var os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^38([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 38', 'Fedora ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);

var pkgs = [
    {'reference':'chromium-115.0.5790.170-1.fc38', 'release':'FC38', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && _release) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium');
}
VendorProductVersionCPE
fedoraprojectfedora38cpe:/o:fedoraproject:fedora:38
fedoraprojectfedorachromiump-cpe:/a:fedoraproject:fedora:chromium

References

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.028

Percentile

90.9%