Fedora 43 : chromium (2026-40cf884ac9)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2026-40cf884ac9
#

include('compat.inc');

if (description)
{
  script_id(321637);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/20");

  script_cve_id(
    "CVE-2026-12007",
    "CVE-2026-12008",
    "CVE-2026-12009",
    "CVE-2026-12010",
    "CVE-2026-12011",
    "CVE-2026-12012",
    "CVE-2026-12013",
    "CVE-2026-12014",
    "CVE-2026-12015",
    "CVE-2026-12016",
    "CVE-2026-12017",
    "CVE-2026-12018",
    "CVE-2026-12019",
    "CVE-2026-12020",
    "CVE-2026-12022",
    "CVE-2026-12023",
    "CVE-2026-12024",
    "CVE-2026-12025",
    "CVE-2026-12026",
    "CVE-2026-12027",
    "CVE-2026-12028",
    "CVE-2026-12029",
    "CVE-2026-12030",
    "CVE-2026-12031",
    "CVE-2026-12032",
    "CVE-2026-12033",
    "CVE-2026-12034",
    "CVE-2026-12035"
  );
  script_xref(name:"FEDORA", value:"2026-40cf884ac9");

  script_name(english:"Fedora 43 : chromium (2026-40cf884ac9)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2026-40cf884ac9 advisory.

    Update to 149.0.7827.114

      * CVE-2026-12007: Use after free  Core
      * CVE-2026-12008: Use after free  DigitalCredentials
      * CVE-2026-12009: Insufficient validation of untrusted input  Accessibility
      * CVE-2026-12010: Heap buffer overflow  GPU
      * CVE-2026-12011: Use after free  WebMIDI
      * CVE-2026-12012: Use after free  Network
      * CVE-2026-12013: Use after free  Media
      * CVE-2026-12014: Use after free  Cast
      * CVE-2026-12015: Use after free  Autofill
      * CVE-2026-12016: Insufficient validation of untrusted input  DevTools
      * CVE-2026-12017: Insufficient validation of untrusted input  Extensions
      * CVE-2026-12018: Inappropriate implementation  Mojo
      * CVE-2026-12019: Out of bounds write  Codecs
      * CVE-2026-12020: Use after free  Autofill
      * CVE-2026-12022: Race  Safe Browsing
      * CVE-2026-12023: Use after free  GPU
      * CVE-2026-12024: Insufficient policy enforcement  DevTools
      * CVE-2026-12025: Insufficient validation of untrusted input  Network
      * CVE-2026-12026: Out of bounds read  Video
      * CVE-2026-12027: Insufficient policy enforcement  Headless
      * CVE-2026-12028: Use after free  GPU
      * CVE-2026-12029: Use after free  Video
      * CVE-2026-12030: Heap buffer overflow  GPU
      * CVE-2026-12031: Inappropriate implementation  Views
      * CVE-2026-12032: Inappropriate implementation  Passwords
      * CVE-2026-12033: Out of bounds read  VideoCapture
      * CVE-2026-12034: Insufficient validation of untrusted input  Linux Toolkit Theming
      * CVE-2026-12035: Use after free  Views
    - Disable AI Mode settings


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2026-40cf884ac9");
  script_set_attribute(attribute:"solution", value:
"Update the affected chromium package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-12026");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/06/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:43");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chromium");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'Fedora' >!< os_product) audit(AUDIT_OS_NOT, 'Fedora');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
if (! preg(pattern:"^43([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'Fedora 43', 'Fedora ' + os_version);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);

var constraints = [
  {
    'release': '43',
    'pkgs': [
      {'reference':'chromium-149.0.7827.114-1.fc43', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium');
}