Lucene search

K
nessus
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.MACOSX_GOOGLE_CHROME_100_0_4896_127.NASL
HistoryApr 14, 2022 - 12:00 a.m.

Google Chrome < 100.0.4896.127 Vulnerability

2022-04-1400:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
114

8.7 High

AI Score

Confidence

Low

The version of Google Chrome installed on the remote macOS host is prior to 100.0.4896.127. It is, therefore, affected by a vulnerability as referenced in the 2022_04_stable-channel-update-for-desktop_14 advisory.

  • Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1364)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(159740);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/01");

  script_cve_id("CVE-2022-1364");
  script_xref(name:"IAVA", value:"2022-A-0156-S");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/06");

  script_name(english:"Google Chrome < 100.0.4896.127 Vulnerability");

  script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote macOS host is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote macOS host is prior to 100.0.4896.127. It is, therefore, affected
by a vulnerability as referenced in the 2022_04_stable-channel-update-for-desktop_14 advisory.

  - Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to
    potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1364)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0d51f41d");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/1315901");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Google Chrome version 100.0.4896.127 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-1364");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/04/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/04/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/04/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_google_chrome_installed.nbin");
  script_require_keys("MacOSX/Google Chrome/Installed");

  exit(0);
}
include('google_chrome_version.inc');

get_kb_item_or_exit('MacOSX/Google Chrome/Installed');

google_chrome_check_version(fix:'100.0.4896.127', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);
VendorProductVersion
googlechrome
How to find holes in your network?

Try incredible fast Vulners Perimeter Scanner and find vulnerabilities and unnecessary ip and ports in network devices inside your network before anyone else.

Try Network Scanner

8.7 High

AI Score

Confidence

Low

Related for MACOSX_GOOGLE_CHROME_100_0_4896_127.NASL