Lucene search

HistoryMay 30, 2024 - 12:00 a.m.

Google Chrome < 125.0.6422.141 Multiple Vulnerabilities

2024-05-3000:00:00

www.tenable.com

google chrome

vulnerabilities

heap buffer overflow

use after free

out of bounds memory access

security advisory

webrtc

dawn

media session

keyboard inputs

presentation api

streams api

macos host

nessus scanner

0.0004 Low

EPSS

Percentile

15.7%

JSON

The version of Google Chrome installed on the remote macOS host is prior to 125.0.6422.141. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_05_stable-channel-update-for-desktop_30 advisory.

Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-5493)
Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-5494, CVE-2024-5495)
Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) (CVE-2024-5496)
Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-5497)
Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-5498)
Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) (CVE-2024-5499)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(198162);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/14");

  script_cve_id(
    "CVE-2024-5493",
    "CVE-2024-5494",
    "CVE-2024-5495",
    "CVE-2024-5496",
    "CVE-2024-5497",
    "CVE-2024-5498",
    "CVE-2024-5499"
  );
  script_xref(name:"IAVA", value:"2024-A-0324-S");

  script_name(english:"Google Chrome < 125.0.6422.141 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote macOS host is prior to 125.0.6422.141. It is, therefore, affected
by multiple vulnerabilities as referenced in the 2024_05_stable-channel-update-for-desktop_30 advisory.

  - Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to
    potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
    (CVE-2024-5493)

  - Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially
    exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-5494,
    CVE-2024-5495)

  - Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to
    execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
    (CVE-2024-5496)

  - Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote
    attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via
    a crafted HTML page. (Chromium security severity: High) (CVE-2024-5497)

  - Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to
    potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
    (CVE-2024-5498)

  - Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to
    execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
    (CVE-2024-5499)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ee344b4b");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/339877165");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/338071106");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/338103465");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/338929744");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/339061099");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/339588211");
  script_set_attribute(attribute:"see_also", value:"https://crbug.com/339877167");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Google Chrome version 125.0.6422.141 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-5498");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/05/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/05/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_google_chrome_installed.nbin");
  script_require_keys("MacOSX/Google Chrome/Installed");

  exit(0);
}
include('google_chrome_version.inc');

get_kb_item_or_exit('MacOSX/Google Chrome/Installed');

google_chrome_check_version(fix:'125.0.6422.141', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);

VendorProductVersionCPE
googlechromecpe:/a:google:chrome

Vendor	Product	Version	CPE
google	chrome		cpe:/a:google:chrome

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5493

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5494

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5495

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5496

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5497

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5498

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5499

www.nessus.org/u?ee344b4b

crbug.com/338071106

crbug.com/338103465

crbug.com/338929744

crbug.com/339061099

crbug.com/339588211

crbug.com/339877165

crbug.com/339877167

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for MACOSX_GOOGLE_CHROME_125_0_6422_141.NASL