Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.GOOGLE_CHROME_113_0_5672_126.NASLHistoryMay 16, 2023 - 12:00 a.m.
Google Chrome < 113.0.5672.126 Multiple Vulnerabilities
2023-05-1600:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
The version of Google Chrome installed on the remote Windows host is prior to 113.0.5672.126. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_05_stable-channel-update-for-desktop_16 advisory.
-
Use after free in Navigation. (CVE-2023-2721)
-
Use after free in Autofill UI. (CVE-2023-2722)
-
Use after free in DevTools. (CVE-2023-2723)
-
Type Confusion in V8. (CVE-2023-2724)
-
Use after free in Guest View. (CVE-2023-2725)
-
Inappropriate implementation in WebApp Installs. (CVE-2023-2726)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(175839);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/27");
script_cve_id(
"CVE-2023-2721",
"CVE-2023-2722",
"CVE-2023-2723",
"CVE-2023-2724",
"CVE-2023-2725",
"CVE-2023-2726"
);
script_xref(name:"IAVA", value:"2023-A-0260-S");
script_xref(name:"IAVA", value:"2023-A-0265-S");
script_name(english:"Google Chrome < 113.0.5672.126 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote Windows host is prior to 113.0.5672.126. It is, therefore, affected
by multiple vulnerabilities as referenced in the 2023_05_stable-channel-update-for-desktop_16 advisory.
- Use after free in Navigation. (CVE-2023-2721)
- Use after free in Autofill UI. (CVE-2023-2722)
- Use after free in DevTools. (CVE-2023-2723)
- Type Confusion in V8. (CVE-2023-2724)
- Use after free in Guest View. (CVE-2023-2725)
- Inappropriate implementation in WebApp Installs. (CVE-2023-2726)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1444360");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1400905");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1435166");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1433211");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1442516");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1442018");
# https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?af1da632");
script_set_attribute(attribute:"solution", value:
"Upgrade to Google Chrome version 113.0.5672.126 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-2726");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/05/16");
script_set_attribute(attribute:"patch_publication_date", value:"2023/05/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("google_chrome_installed.nasl", "smb_hotfixes.nasl");
script_require_keys("SMB/Google_Chrome/Installed");
exit(0);
}
include('google_chrome_version.inc');
get_kb_item_or_exit('SMB/Google_Chrome/Installed');
var installs = get_kb_list('SMB/Google_Chrome/*');
var product_name = get_kb_item_or_exit("SMB/ProductName", exit_code:1);
if ("Windows Server 2012" >< product_name)
audit(AUDIT_OS_SP_NOT_VULN);
google_chrome_check_version(installs:installs, fix:'113.0.5672.126', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2721
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2722
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2723
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2724
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2725
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2726
www.nessus.org/u?af1da632
crbug.com/1400905
crbug.com/1433211
crbug.com/1435166
crbug.com/1442018
crbug.com/1442516
crbug.com/1444360
Related
freebsd
freebsd
chromium -- multiple vulnerabilities
2023-05-16 00:00:00
electron22 -- multiple vulnerabilities
2023-06-14 00:00:00
electron23 -- multiple vulnerabilities
2023-06-14 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5404-1)
2023-05-18 00:00:00
osv
osv
chromium - security update
2023-05-17 00:00:00
kaspersky
kaspersky
KLA49223 Multiple vulnerabilities in Google Chrome
2023-05-16 00:00:00
KLA49267 Multiple vulnerabilities in Opera
2023-05-18 00:00:00
KLA49268 Multiple vulnerabilities in Microsoft Browser
2023-05-18 00:00:00
nessus
nessus
Microsoft Edge (Chromium) < 113.0.1774.50 / 112.0.1722.84 Multiple Vulnerabilities
2023-05-23 00:00:00
FreeBSD : chromium -- multiple vulnerabilities (bea52545-f4a7-11ed-8290-a8a1599412c6)
2023-05-17 00:00:00
Google Chrome < 113.0.5672.126 Multiple Vulnerabilities
2023-05-16 00:00:00
debian
debian
[SECURITY] [DSA 5404-1] chromium security update
2023-05-17 20:42:59
chrome
chrome
Stable Channel Update for Desktop
2023-05-16 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: chromium-113.0.5672.126-1.fc37
2023-05-22 00:39:06
[SECURITY] Fedora 38 Update: chromium-113.0.5672.126-1.fc38
2023-05-22 01:38:55
mscve
mscve
Chromium: CVE-2023-2726 Inappropriate implementation in WebApp Installs
2023-05-18 20:38:53
Chromium: CVE-2023-2724 Type Confusion in V8
2023-05-18 20:38:47
Chromium: CVE-2023-2721 Use after free in Navigation
2023-05-18 20:38:36
cvelist
cvelist
cve
cve
veracode
veracode
prion
prion
Design/Logic Flaw
2023-05-16 19:15:00
Design/Logic Flaw
2023-05-16 19:15:00
Type confusion
2023-05-16 19:15:00
debiancve
debiancve
cnvd
cnvd
Google Chrome Type Obfuscation Vulnerability (CNVD-2023-43877)
2023-05-18 00:00:00
Google Chrome DevTools memory misreference vulnerability (CNVD-2023-43874)
2023-05-18 00:00:00
Google Chrome Code Execution Vulnerability (CNVD-2023-46125)
2023-05-18 00:00:00
ubuntucve
ubuntucve
packetstorm
packetstorm
Chrome Internal JavaScript Object Access Via Origin Trials
2023-06-27 00:00:00
alpinelinux
alpinelinux
CVE-2023-2721
2023-05-16 19:15:09
gentoo
gentoo
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
2023-09-30 00:00:00
QtWebEngine: Multiple Vulnerabilities
2023-11-25 00:00:00
Related for GOOGLE_CHROME_113_0_5672_126.NASL