Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.MICROSOFT_EDGE_CHROMIUM_84_0_522_40.NASL
HistoryJul 28, 2020 - 12:00 a.m.

Microsoft Edge (Chromium) < 84.0.522.40 Multiple Vulnerabilities

2020-07-2800:00:00
This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
JSON

The version of Microsoft Edge (Chromium) installed on the remote Windows host is prior to 84.0.522.40. It is, therefore, affected by multiple vulnerabilities :

  • Heap-based buffer overflow in PDFium allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (CVE-2020-6513)

  • Use after free in tab strip allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-6515)

  • Out of bounds write in Skia allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-6523)

In addition, Microsoft Edge (Chromium) is also affected by several additional vulnerabilities including additional use-after-free vulnerabilities, multiple heap-based buffer overflow conditions, privilege escalation, type confusion, and insufficient policy enforcements.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(139034);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/12");

  script_cve_id(
    "CVE-2020-1341",
    "CVE-2020-6510",
    "CVE-2020-6511",
    "CVE-2020-6512",
    "CVE-2020-6513",
    "CVE-2020-6514",
    "CVE-2020-6515",
    "CVE-2020-6516",
    "CVE-2020-6517",
    "CVE-2020-6518",
    "CVE-2020-6519",
    "CVE-2020-6520",
    "CVE-2020-6522",
    "CVE-2020-6523",
    "CVE-2020-6524",
    "CVE-2020-6525",
    "CVE-2020-6526",
    "CVE-2020-6527",
    "CVE-2020-6528",
    "CVE-2020-6529",
    "CVE-2020-6530",
    "CVE-2020-6531",
    "CVE-2020-6533",
    "CVE-2020-6534",
    "CVE-2020-6535",
    "CVE-2020-6536"
  );
  script_xref(name:"IAVA", value:"2020-A-0302-S");

  script_name(english:"Microsoft Edge (Chromium) < 84.0.522.40 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has an web browser installed that is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Microsoft Edge (Chromium) installed on the remote Windows host is prior to 84.0.522.40. It is,
therefore, affected by multiple vulnerabilities :

  - Heap-based buffer overflow in PDFium allowed a remote attacker to potentially exploit heap corruption via a
    crafted PDF file. (CVE-2020-6513)

  - Use after free in tab strip allowed a remote attacker to potentially exploit heap corruption via a crafted
    HTML page. (CVE-2020-6515)

  - Out of bounds write in Skia allowed a remote attacker to potentially exploit heap corruption via a crafted
    HTML page. (CVE-2020-6523)

In addition, Microsoft Edge (Chromium) is also affected by several additional vulnerabilities including additional
use-after-free vulnerabilities, multiple heap-based buffer overflow conditions, privilege escalation, type confusion,
and insufficient policy enforcements.");
  # https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200002
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b4f0f972");
  # https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2ec7f076");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Microsoft Edge (Chromium) 84.0.522.40 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-6524");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-6522");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/07/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/28");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:edge");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("microsoft_edge_chromium_installed.nbin");
  script_require_keys("installed_sw/Microsoft Edge (Chromium)", "SMB/Registry/Enumerated");

  exit(0);
}

include('vcf.inc');

get_kb_item_or_exit('SMB/Registry/Enumerated');

app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);

constraints = [{ 'fixed_version' : '84.0.522.40' }];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
microsoftedgecpe:/a:microsoft:edge

References

Related

nessus 12
suse 6
kaspersky 2
openvas 7
chrome 1
fedora 2
freebsd 1
gentoo 2
redhat 1
redhatcve 25
cve 26
veracode 25
prion 25
debiancve 25
ubuntucve 25
talos 1
mscve 1
alpinelinux 1
zdt 2
googleprojectzero 1
githubexploit 2
thn 2
packetstorm 1
cisa 1
checkpoint_advisories 1
exploitdb 1
nessus
nessus
openSUSE Security Update : opera (openSUSE-2020-1148)
2020-08-06 00:00:00
Google Chrome < 84.0.4147.89 Multiple Vulnerabilities
2020-07-14 00:00:00
openSUSE Security Update : opera (openSUSE-2020-1172)
2020-08-10 00:00:00
suse
suse
Security update for opera (moderate)
2020-08-09 00:00:00
Security update for chromium (important)
2020-09-18 00:00:00
Security update for opera (moderate)
2020-08-05 00:00:00
kaspersky
kaspersky
KLA11869 Multiple vulnerability in Google Chrome
2020-07-14 00:00:00
KLA11870 PE vulnerability in Microsoft Browser
2020-07-16 00:00:00
openvas
openvas
Fedora: Security Advisory for chromium (FEDORA-2020-bf684961d9)
2020-07-31 00:00:00
openSUSE: Security Advisory for chromium (openSUSE-SU-2020:1020-1)
2020-07-21 00:00:00
openSUSE: Security Advisory for chromium (openSUSE-SU-2020:1021-1)
2020-07-21 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2020-07-14 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: chromium-84.0.4147.89-1.fc32
2020-07-30 17:54:07
[SECURITY] Fedora 31 Update: chromium-84.0.4147.89-1.fc31
2020-08-02 01:09:48
freebsd
freebsd
chromium -- multiple vulnerabilities
2020-07-14 00:00:00
gentoo
gentoo
Chromium, Google Chrome: Multiple vulnerabilities
2020-07-26 00:00:00
Qt WebEngine: Multiple vulnerabilities
2021-01-26 00:00:00
redhat
redhat
(RHSA-2020:3377) Critical: chromium-browser security update
2020-08-10 06:22:50
redhatcve
redhatcve
CVE-2020-6518
2020-07-15 17:08:20
CVE-2020-6523
2020-07-15 17:08:07
CVE-2020-6522
2020-07-15 17:08:40
cve
cve
CVE-2020-6518
2020-07-22 17:15:00
CVE-2020-6534
2020-07-22 17:15:00
CVE-2020-6529
2020-07-22 17:15:00
veracode
veracode
Out Of Bounds Write
2020-12-21 19:50:03
Authentication Bypass
2020-12-21 19:49:58
Denial Of Service (DoS)
2020-09-21 06:32:27
prion
prion
Design/Logic Flaw
2020-07-22 17:15:00
Type confusion
2020-07-22 17:15:00
Design/Logic Flaw
2020-07-22 17:15:00
debiancve
debiancve
CVE-2020-6533
2020-07-22 17:15:00
CVE-2020-6522
2020-07-22 17:15:00
CVE-2020-6518
2020-07-22 17:15:00
ubuntucve
ubuntucve
CVE-2020-6534
2020-07-22 00:00:00
CVE-2020-6518
2020-07-22 00:00:00
CVE-2020-6522
2020-07-22 00:00:00
talos
talos
Google Chrome PDFium Javascript Active Document Memory Corruption Vulnerability
2020-09-14 00:00:00
mscve
mscve
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
2020-07-16 07:00:00
alpinelinux
alpinelinux
CVE-2020-6514
2020-07-22 17:15:00
zdt
zdt
WebRTC usrsctp Incorrect Call Vulnerability
2020-08-01 00:00:00
Chromium 83 - Full CSP Bypass Exploit
2020-12-04 00:00:00
googleprojectzero
googleprojectzero
Exploiting Android Messengers with WebRTC: Part 3
2020-08-06 00:00:00
githubexploit
githubexploit
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Google Chrome
2020-08-09 20:06:50
Exploit for Vulnerability in Google Chrome
2020-08-09 08:25:40
thn
thn
Google Chrome Bug Could Let Hackers Bypass CSP Protection; Update Web Browsers
2020-08-11 14:22:00
New WhatsApp Bugs Could've Let Attackers Hack Your Phone Remotely
2021-04-14 14:43:00
packetstorm
packetstorm
Chromium 83 CSP Bypass
2020-12-04 00:00:00
cisa
cisa
Microsoft Releases Security Update for Edge
2020-07-17 00:00:00
checkpoint_advisories
checkpoint_advisories
Google Chrome Heap Corruption (CVE-2020-6514)
2020-08-24 00:00:00
exploitdb
exploitdb
Chromium 83 - Full CSP Bypass
2020-12-04 00:00:00
JSON
Related for MICROSOFT_EDGE_CHROMIUM_84_0_522_40.NASL
nessus12suse6kaspersky2openvas7chrome1fedora2freebsd1gentoo2redhat1redhatcve25cve26veracode25prion25debiancve25ubuntucve25talos1mscve1alpinelinux1zdt2googleprojectzero1githubexploit2thn2packetstorm1cisa1checkpoint_advisories1exploitdb1