Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.GENTOO_GLSA-202104-08.NASL
HistoryMay 03, 2021 - 12:00 a.m.

GLSA-202104-08 : Chromium, Google Chrome: Multiple vulnerabilities

2021-05-0300:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20

8.5 High

AI Score

Confidence

Low

JSON

The remote host is affected by the vulnerability described in GLSA-202104-08 (Chromium, Google Chrome: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Chromium and Google       Chrome. Please review the CVE identifiers referenced below for details.

Impact :

Please review the referenced CVE identifiers for details.

Workaround :

There is no known workaround at this time.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 202104-08.
#
# The advisory text is Copyright (C) 2001-2024 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(149223);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/16");

  script_cve_id(
    "CVE-2021-21142",
    "CVE-2021-21143",
    "CVE-2021-21144",
    "CVE-2021-21145",
    "CVE-2021-21146",
    "CVE-2021-21147",
    "CVE-2021-21148",
    "CVE-2021-21149",
    "CVE-2021-21150",
    "CVE-2021-21151",
    "CVE-2021-21152",
    "CVE-2021-21153",
    "CVE-2021-21154",
    "CVE-2021-21155",
    "CVE-2021-21156",
    "CVE-2021-21157",
    "CVE-2021-21159",
    "CVE-2021-21160",
    "CVE-2021-21161",
    "CVE-2021-21162",
    "CVE-2021-21163",
    "CVE-2021-21165",
    "CVE-2021-21166",
    "CVE-2021-21167",
    "CVE-2021-21168",
    "CVE-2021-21169",
    "CVE-2021-21170",
    "CVE-2021-21171",
    "CVE-2021-21172",
    "CVE-2021-21173",
    "CVE-2021-21174",
    "CVE-2021-21175",
    "CVE-2021-21176",
    "CVE-2021-21177",
    "CVE-2021-21178",
    "CVE-2021-21179",
    "CVE-2021-21180",
    "CVE-2021-21181",
    "CVE-2021-21182",
    "CVE-2021-21183",
    "CVE-2021-21184",
    "CVE-2021-21185",
    "CVE-2021-21186",
    "CVE-2021-21187",
    "CVE-2021-21188",
    "CVE-2021-21189",
    "CVE-2021-2119",
    "CVE-2021-21191",
    "CVE-2021-21192",
    "CVE-2021-21193",
    "CVE-2021-21194",
    "CVE-2021-21195",
    "CVE-2021-21196",
    "CVE-2021-21197",
    "CVE-2021-21198",
    "CVE-2021-21199",
    "CVE-2021-21201",
    "CVE-2021-21202",
    "CVE-2021-21203",
    "CVE-2021-21204",
    "CVE-2021-21205",
    "CVE-2021-21206",
    "CVE-2021-21207",
    "CVE-2021-21208",
    "CVE-2021-21209",
    "CVE-2021-21210",
    "CVE-2021-21211",
    "CVE-2021-21212",
    "CVE-2021-21213",
    "CVE-2021-21214",
    "CVE-2021-21215",
    "CVE-2021-21216",
    "CVE-2021-21217",
    "CVE-2021-21218",
    "CVE-2021-21219",
    "CVE-2021-21220",
    "CVE-2021-21221",
    "CVE-2021-21222",
    "CVE-2021-21223",
    "CVE-2021-21224",
    "CVE-2021-21225",
    "CVE-2021-21226",
    "CVE-2021-21227",
    "CVE-2021-21228",
    "CVE-2021-21229",
    "CVE-2021-21230",
    "CVE-2021-21231",
    "CVE-2021-21232",
    "CVE-2021-21233"
  );
  script_xref(name:"GLSA", value:"202104-08");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2021/11/17");
  script_xref(name:"CEA-ID", value:"CEA-2021-0004");
  script_xref(name:"CEA-ID", value:"CEA-2021-0007");

  script_name(english:"GLSA-202104-08 : Chromium, Google Chrome: Multiple vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote Gentoo host is missing one or more security-related
patches.");
  script_set_attribute(attribute:"description", value:
"The remote host is affected by the vulnerability described in GLSA-202104-08
(Chromium, Google Chrome: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium and Google
      Chrome. Please review the CVE identifiers referenced below for details.
  
Impact :

    Please review the referenced CVE identifiers for details.
  
Workaround :

    There is no known workaround at this time.");
  script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/202104-08");
  script_set_attribute(attribute:"solution", value:
"All Chromium users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose
      '>=www-client/chromium-90.0.4430.93'
    All Google Chrome users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose
      '>=www-client/google-chrome-90.0.4430.93'");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-21233");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-21226");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/01/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/04/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/05/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:chromium");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:google-chrome");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Gentoo Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"www-client/chromium", unaffected:make_list("ge 90.0.4430.93"), vulnerable:make_list("lt 90.0.4430.93"))) flag++;
if (qpkg_check(package:"www-client/google-chrome", unaffected:make_list("ge 90.0.4430.93"), vulnerable:make_list("lt 90.0.4430.93"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Chromium / Google Chrome");
}
VendorProductVersionCPE
gentoolinuxchromiump-cpe:/a:gentoo:linux:chromium
gentoolinuxgoogle-chromep-cpe:/a:gentoo:linux:google-chrome
gentoolinuxcpe:/o:gentoo:linux

References

Related

openvas 47
fedora 10
gentoo 1
archlinux 7
kaspersky 22
debian 5
nessus 55
suse 15
osv 4
freebsd 8
mageia 1
chrome 9
threatpost 3
thn 8
malwarebytes 3
attackerkb 1
openvas
openvas
Fedora: Security Advisory for chromium (FEDORA-2021-c3754414e7)
2021-05-13 00:00:00
Fedora: Security Advisory for chromium (FEDORA-2021-35d2bb4627)
2021-05-15 00:00:00
Fedora: Security Advisory for chromium (FEDORA-2021-ff893e12c5)
2021-05-13 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: chromium-90.0.4430.93-1.fc32
2021-05-12 05:35:46
[SECURITY] Fedora 33 Update: chromium-90.0.4430.93-1.fc33
2021-05-14 21:12:29
[SECURITY] Fedora 34 Update: chromium-90.0.4430.93-1.fc34
2021-05-12 05:44:40
gentoo
gentoo
Chromium, Google Chrome: Multiple vulnerabilities
2021-04-30 00:00:00
archlinux
archlinux
[ASA-202104-2] vivaldi: multiple issues
2021-04-29 00:00:00
[ASA-202103-19] vivaldi: multiple issues
2021-03-25 00:00:00
[ASA-202104-5] opera: multiple issues
2021-04-29 00:00:00
kaspersky
kaspersky
KLA12144 Multiple vulnerabiltiies in Google Chrome
2021-04-14 00:00:00
KLA12145 Multiple vulnerabilities in Microsoft Browser
2021-04-15 00:00:00
KLA12107 Multiple vulnerabilities in Microsoft Browser
2021-03-04 00:00:00
debian
debian
[SECURITY] [DSA 4886-1] chromium security update
2021-04-06 13:38:49
[SECURITY] [DSA 4886-1] chromium security update
2021-04-06 13:38:49
[SECURITY] [DSA 4906-1] chromium security update
2021-04-28 01:49:06
nessus
nessus
Debian DSA-4886-1 : chromium - security update
2021-04-07 00:00:00
FreeBSD : chromium -- multiple vulnerabilities (f3d86439-9def-11eb-97a0-e09467587c17)
2021-04-16 00:00:00
openSUSE Security Update : Chromium (openSUSE-2021-629)
2021-05-18 00:00:00
suse
suse
Security update for chromium (important)
2021-03-10 00:00:00
Security update for Chromium (critical)
2021-05-01 00:00:00
Security update for chromium (important)
2021-03-08 00:00:00
osv
osv
chromium - security update
2021-04-06 00:00:00
chromium - security update
2021-04-27 00:00:00
chromium - security update
2021-02-19 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2021-04-14 00:00:00
chromium -- multiple vulnerabilities
2021-03-02 00:00:00
chromium -- multiple vulnerabilities
2021-02-16 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerability
2021-03-17 14:01:53
chrome
chrome
Stable Channel Update for Desktop
2021-03-02 00:00:00
Stable Channel Update for Desktop
2021-04-14 00:00:00
Stable Channel Update for Desktop
2021-02-16 00:00:00
threatpost
threatpost
Google Chrome V8 Bug Allows Remote Code-Execution
2021-04-28 17:48:16
Google Patches Actively Exploited Flaw in Chrome Browser
2021-03-03 21:17:14
Google Warns Mac, Windows Users of Chrome Zero-Day Flaw
2021-03-15 15:40:21
thn
thn
Update Your Chrome Browser to Patch 2 New In-the-Wild 0-Day Exploits
2021-04-14 05:48:00
New Chrome 0-Day Bug Under Active Attacks – Update Your Browser ASAP!
2021-06-10 04:14:00
Update Your Chrome Browser to Patch New Zero‑Day Bug Exploited in the Wild
2021-07-16 05:08:00
malwarebytes
malwarebytes
Update now! Chrome fix patches in-the-wild zero-day
2021-03-04 13:24:38
Update now! Google Chrome fixes two in-the-wild zero-days
2021-09-14 16:28:47
Update now! Chrome needs patching against two in-the-wild exploits
2021-04-14 15:01:58
attackerkb
attackerkb
CVE-2021-21193
2021-03-16 00:00:00

8.5 High

AI Score

Confidence

Low

JSON
Related for GENTOO_GLSA-202104-08.NASL
openvas47fedora10gentoo1archlinux7kaspersky22debian5nessus55suse15osv4freebsd8mageia1chrome9threatpost3thn8malwarebytes3attackerkb1