Lucene search

K

Google Chrome < 103.0.5060.114 Multiple Vulnerabilities

πŸ—“οΈΒ 04 Jul 2022Β 00:00:00Reported byΒ This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.TypeΒ 
nessus
Β nessus
πŸ”—Β www.tenable.comπŸ‘Β 69Β Views

The version of Google Chrome on the remote macOS host is vulnerable to multiple security flaws, including use after free, heap buffer overflow in WebRTC, and type confusion in V8

Show more
Related
Refs
Code
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(162705);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/23");

  script_cve_id("CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296");
  script_xref(name:"IAVA", value:"2022-A-0262-S");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/09/15");

  script_name(english:"Google Chrome < 103.0.5060.114 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote macOS host is prior to 103.0.5060.114. It is, therefore, affected
by multiple vulnerabilities as referenced in the 2022_07_stable-channel-update-for-desktop advisory.

  - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote
    attacker who convinced a user to engage in specific user interactions to potentially exploit heap
    corruption via direct UI interactions. (CVE-2022-2296)

  - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to
    potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)

  - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially
    exploit heap corruption via a crafted HTML page. (CVE-2022-2295)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8f10a4e5");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/1341043");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/1336869");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/1327087");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Google Chrome version 103.0.5060.114 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-2296");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/07/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/07/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/07/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_google_chrome_installed.nbin");
  script_require_keys("MacOSX/Google Chrome/Installed");

  exit(0);
}
include('google_chrome_version.inc');

get_kb_item_or_exit('MacOSX/Google Chrome/Installed');

google_chrome_check_version(fix:'103.0.5060.114', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo