Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.GOOGLE_CHROME_104_0_5112_101.NASL
HistoryAug 16, 2022 - 12:00 a.m.

Google Chrome < 104.0.5112.101 Multiple Vulnerabilities

2022-08-1600:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
33
JSON

The version of Google Chrome installed on the remote Windows host is prior to 104.0.5112.101. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_08_stable-channel-update-for-desktop_16 advisory.

  • Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2859)

  • Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2852)

  • Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2853)

  • Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2854)

  • Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2855)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(164155);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/25");

  script_cve_id(
    "CVE-2022-2852",
    "CVE-2022-2853",
    "CVE-2022-2854",
    "CVE-2022-2855",
    "CVE-2022-2856",
    "CVE-2022-2857",
    "CVE-2022-2858",
    "CVE-2022-2859",
    "CVE-2022-2860",
    "CVE-2022-2861",
    "CVE-2022-2998"
  );
  script_xref(name:"IAVA", value:"2022-A-0332-S");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/09/08");

  script_name(english:"Google Chrome < 104.0.5112.101 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote Windows host is prior to 104.0.5112.101. It is, therefore, affected
by multiple vulnerabilities as referenced in the 2022_08_stable-channel-update-for-desktop_16 advisory.

  - Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who
    convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific
    UI interactions. (CVE-2022-2859)

  - Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially
    exploit heap corruption via a crafted HTML page. (CVE-2022-2852)

  - Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote
    attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted
    HTML page. (CVE-2022-2853)

  - Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to
    potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2854)

  - Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially
    exploit heap corruption via a crafted HTML page. (CVE-2022-2855)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9b4b7ba3");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/1349322");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/1337538");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/1345042");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/1338135");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/1341918");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/1350097");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/1345630");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/1338412");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/1345193");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/1346236");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Google Chrome version 104.0.5112.101 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-2998");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/08/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/08/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/08/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("google_chrome_installed.nasl");
  script_require_keys("SMB/Google_Chrome/Installed");

  exit(0);
}
include('google_chrome_version.inc');

get_kb_item_or_exit('SMB/Google_Chrome/Installed');
var installs = get_kb_list('SMB/Google_Chrome/*');

google_chrome_check_version(installs:installs, fix:'104.0.5112.101', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);
VendorProductVersionCPE
googlechromecpe:/a:google:chrome

Related

kaspersky 5
freebsd 1
openvas 11
nessus 10
suse 3
debian 1
chrome 2
osv 1
mageia 1
malwarebytes 3
debiancve 11
cve 11
veracode 11
mscve 9
prion 11
ubuntucve 11
hivepro 1
cnvd 2
attackerkb 1
cisa_kev 1
threatpost 1
gentoo 1
fedora 3
thn 6
qualysblog 2
avleonov 1
kaspersky
kaspersky
KLA15725 Multiple vulnerabilities in Opera
2022-08-23 00:00:00
KLA15722 Multiple vulnerabilities in Google Chrome
2022-08-16 00:00:00
KLA15724 Multiple vulnerabilities in Microsoft Browser
2022-08-19 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2022-08-16 00:00:00
openvas
openvas
Google Chrome Security Update (stable-channel-update-for-desktop_16-2022-08) - Linux
2022-08-18 00:00:00
Google Chrome Security Update (stable-channel-update-for-desktop_16-2022-08) - Mac OS X
2022-08-18 00:00:00
openSUSE: Security Advisory for opera (openSUSE-SU-2022:10109-1)
2024-03-04 00:00:00
nessus
nessus
Google Chrome < 104.0.5112.101 Multiple Vulnerabilities
2022-08-16 00:00:00
openSUSE 15 Security Update : opera (openSUSE-SU-2022:10109-1)
2022-08-30 00:00:00
openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10099-1)
2022-08-26 00:00:00
suse
suse
Security update for opera (important)
2022-08-29 00:00:00
Security update for chromium (important)
2022-08-25 00:00:00
Security update for opera (important)
2022-08-29 00:00:00
debian
debian
[SECURITY] [DSA 5212-1] chromium security update
2022-08-17 22:57:57
chrome
chrome
Stable Channel Update for Desktop
2022-08-16 00:00:00
Stable Channel Update for ChromeOS
2022-09-07 00:00:00
osv
osv
chromium - security update
2022-08-18 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerability
2022-08-26 00:21:07
malwarebytes
malwarebytes
Update Chrome now! Google issues patch for zero day spotted in the wild
2022-08-17 11:00:00
Zero-day puts a dent in Chrome's mojo
2022-09-05 16:30:00
CISA wants you to patch these actively exploited vulnerabilities before September 8
2022-08-22 15:00:00
debiancve
debiancve
CVE-2022-2861
2022-09-26 16:15:00
CVE-2022-2854
2022-09-26 16:15:00
CVE-2022-2859
2022-09-26 16:15:00
cve
cve
CVE-2022-2861
2022-09-26 16:15:00
CVE-2022-2859
2022-09-26 16:15:00
CVE-2022-2855
2022-09-26 16:15:00
veracode
veracode
Denial Of Service (DoS)
2022-09-01 10:46:12
Remote Code Execution
2022-09-01 10:43:30
Use-After-Free
2022-09-01 10:42:51
mscve
mscve
Chromium: CVE-2022-2854 Use after free in SwiftShader
2022-08-19 07:00:00
Chromium: CVE-2022-2861 Inappropriate implementation in Extensions API
2022-08-19 07:00:00
Chromium: CVE-2022-2858 Use after free in Sign-In Flow
2022-08-19 07:00:00
prion
prion
Design/Logic Flaw
2022-09-26 16:15:00
Design/Logic Flaw
2022-09-26 16:15:00
Design/Logic Flaw
2022-09-26 16:15:00
ubuntucve
ubuntucve
CVE-2022-2861
2022-09-26 00:00:00
CVE-2022-2854
2022-09-26 00:00:00
CVE-2022-2859
2022-09-26 00:00:00
hivepro
hivepro
Chrome’s zero-day flaw allows arbitrary code execution
2022-08-19 04:40:16
cnvd
cnvd
Google Chrome Intents security bypass vulnerability
2022-08-18 00:00:00
Google Chrome FedCM code execution vulnerability
2022-08-18 00:00:00
attackerkb
attackerkb
CVE-2022-2856
2022-09-26 00:00:00
cisa_kev
cisa_kev
Google Chromium Intents Insufficient Input Validation Vulnerability
2022-08-18 00:00:00
threatpost
threatpost
Google Patches Chrome’s Fifth Zero-Day of the Year
2022-08-18 14:31:38
gentoo
gentoo
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
2022-08-21 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: chromium-105.0.5195.125-2.fc36
2022-10-05 01:01:54
[SECURITY] Fedora 37 Update: chromium-105.0.5195.125-2.fc37
2022-10-03 00:22:01
[SECURITY] Fedora 35 Update: chromium-105.0.5195.125-2.fc35
2022-10-05 01:05:03
thn
thn
New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild
2022-08-17 12:02:00
Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability
2022-09-03 03:56:00
Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability
2022-10-28 10:40:00
qualysblog
qualysblog
The 9th Google Chrome Zero-Day Threat this Year – Again Just Before the Weekend
2022-12-03 05:24:27
September 2022 Patch Tuesday | Microsoft Releases 63 Vulnerabilities with 5 Critical, plus 16 Microsoft Edge (Chromium-Based); Adobe Releases 7 Advisories, 63 Vulnerabilities with 35 Critical.
2022-09-13 20:00:00
avleonov
avleonov
Microsoft Patch Tuesday September 2022: CLFS Driver EoP, IP packet causes RCE, Windows DNS Server DoS, Spectre-BHB
2022-09-23 22:44:11
JSON
Related for GOOGLE_CHROME_104_0_5112_101.NASL
kaspersky5freebsd1openvas11nessus10suse3debian1chrome2osv1mageia1malwarebytes3debiancve11cve11veracode11mscve9prion11ubuntucve11hivepro1cnvd2attackerkb1cisa_kev1threatpost1gentoo1fedora3thn6qualysblog2avleonov1