Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.MICROSOFT_EDGE_CHROMIUM_102_0_1245_41.NASL
HistoryJun 13, 2022 - 12:00 a.m.

Microsoft Edge (Chromium) < 102.0.1245.41 Multiple Vulnerabilities

2022-06-1300:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
32
JSON

The version of Microsoft Edge installed on the remote Windows host is prior to 102.0.1245.41. It is, therefore, affected by multiple vulnerabilities as referenced in the June 13, 2022 advisory.

  • Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011)

  • Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007)

  • Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2008)

  • Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    (CVE-2022-2010)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(162168);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/23");

  script_cve_id(
    "CVE-2022-2007",
    "CVE-2022-2008",
    "CVE-2022-2010",
    "CVE-2022-2011"
  );
  script_xref(name:"IAVA", value:"2022-A-0231-S");

  script_name(english:"Microsoft Edge (Chromium) < 102.0.1245.41 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has an web browser installed that is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Microsoft Edge installed on the remote Windows host is prior to 102.0.1245.41. It is, therefore, affected
by multiple vulnerabilities as referenced in the June 13, 2022 advisory.

  - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially
    exploit heap corruption via a crafted HTML page. (CVE-2022-2011)

  - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially
    exploit heap corruption via a crafted HTML page. (CVE-2022-2007)

  - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially
    exploit heap corruption via a crafted HTML page. (CVE-2022-2008)

  - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who
    had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    (CVE-2022-2010)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#june-13-2022
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c00d2c8a");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2007");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2008");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2010");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2011");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Microsoft Edge version 102.0.1245.41 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-2011");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-2010");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/06/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/06/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/06/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:edge");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("microsoft_edge_chromium_installed.nbin");
  script_require_keys("installed_sw/Microsoft Edge (Chromium)", "SMB/Registry/Enumerated");

  exit(0);
}

include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
var app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);
var constraints = [
  { 'fixed_version' : '102.0.1245.41' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
microsoftedgecpe:/a:microsoft:edge

Related

nessus 9
kaspersky 3
mageia 1
openvas 8
freebsd 1
osv 1
suse 3
chrome 1
debian 1
malwarebytes 1
ubuntucve 4
veracode 4
mscve 4
cve 4
prion 4
debiancve 4
alpinelinux 2
qualysblog 1
rapid7blog 1
fedora 3
gentoo 1
nessus
nessus
Google Chrome < 102.0.5005.115 Multiple Vulnerabilities
2022-06-09 00:00:00
FreeBSD : chromium -- multiple vulnerabilities (c80ce2dd-e831-11ec-bcd2-3065ec8fd3ec)
2022-06-09 00:00:00
Google Chrome < 102.0.5005.115 Multiple Vulnerabilities
2022-06-09 00:00:00
kaspersky
kaspersky
KLA12570 Multiple vulnerabilities in Opera
2022-06-13 00:00:00
KLA12558 Multiple vulnerabilities in Microsoft Browser
2022-06-13 00:00:00
KLA12556 Multiple vulnerabilities in Google Chrome
2022-06-09 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerability
2022-06-17 00:05:59
openvas
openvas
Debian: Security Advisory (DSA-5163-1)
2022-06-14 00:00:00
openSUSE: Security Advisory for chromium (openSUSE-SU-2022:10010-1)
2024-03-04 00:00:00
Microsoft Edge (Chromium-Based) Multiple Vulnerabilities (Jun 2022)
2022-06-15 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2022-06-09 00:00:00
osv
osv
chromium - security update
2022-06-12 00:00:00
suse
suse
Security update for chromium (critical)
2022-06-15 00:00:00
Security update for opera (important)
2022-07-13 00:00:00
Security update for chromium (critical)
2022-06-15 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2022-06-09 00:00:00
debian
debian
[SECURITY] [DSA 5163-1] chromium security update
2022-06-12 17:53:51
malwarebytes
malwarebytes
Update Chrome now: Four high risk vulnerabilities found
2022-06-13 14:20:34
ubuntucve
ubuntucve
CVE-2022-2007
2022-07-28 00:00:00
CVE-2022-2010
2022-07-28 00:00:00
CVE-2022-2011
2022-07-28 00:00:00
veracode
veracode
Out-of-Bounds Read
2022-06-18 17:03:47
Use After Free
2022-06-18 17:04:41
Use After Free
2022-06-18 17:03:46
mscve
mscve
Chromium: CVE-2022-2010 Out of bounds read in compositing
2022-06-13 19:42:03
Chromium: CVE-2022-2007 Use after free in WebGPU
2022-06-13 19:41:56
Chromium: CVE-2022-2011 Use after free in ANGLE
2022-06-13 19:42:05
cve
cve
CVE-2022-2007
2022-07-28 01:15:00
CVE-2022-2010
2022-07-28 01:15:00
CVE-2022-2011
2022-07-28 01:15:00
prion
prion
Design/Logic Flaw
2022-07-28 01:15:00
Design/Logic Flaw
2022-07-28 01:15:00
Design/Logic Flaw
2022-07-28 01:15:00
debiancve
debiancve
CVE-2022-2007
2022-07-28 01:15:00
CVE-2022-2010
2022-07-28 01:15:00
CVE-2022-2011
2022-07-28 01:15:00
alpinelinux
alpinelinux
CVE-2022-2010
2022-07-28 01:15:00
CVE-2022-2008
2022-07-28 01:15:00
qualysblog
qualysblog
June 2022 Patch Tuesday | Microsoft Releases 55 Vulnerabilities with 3 Critical; Adobe Releases 6 Advisories, 46 Vulnerabilities with 40 Critical.
2022-06-14 20:00:00
rapid7blog
rapid7blog
Patch Tuesday - June 2022
2022-06-14 19:37:50
fedora
fedora
[SECURITY] Fedora 35 Update: chromium-105.0.5195.125-2.fc35
2022-10-05 01:05:03
[SECURITY] Fedora 37 Update: chromium-105.0.5195.125-2.fc37
2022-10-03 00:22:01
[SECURITY] Fedora 36 Update: chromium-105.0.5195.125-2.fc36
2022-10-05 01:01:54
gentoo
gentoo
Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities
2022-08-14 00:00:00
JSON
Related for MICROSOFT_EDGE_CHROMIUM_102_0_1245_41.NASL
nessus9kaspersky3mageia1openvas8freebsd1osv1suse3chrome1debian1malwarebytes1ubuntucve4veracode4mscve4cve4prion4debiancve4alpinelinux2qualysblog1rapid7blog1fedora3gentoo1