Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.MICROSOFT_EDGE_CHROMIUM_90_0_818_39.NASL
HistoryApr 16, 2021 - 12:00 a.m.

Microsoft Edge (Chromium) < 90.0.818.39 Multiple Vulnerabilities

2021-04-1600:00:00
This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27
JSON

The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.39. It is, therefore, affected by multiple vulnerabilities as referenced in the April 15, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable Network Security, Inc.
##

include('compat.inc');

if (description)
{
  script_id(148693);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/10");

  script_cve_id(
    "CVE-2021-21201",
    "CVE-2021-21202",
    "CVE-2021-21203",
    "CVE-2021-21204",
    "CVE-2021-21205",
    "CVE-2021-21207",
    "CVE-2021-21208",
    "CVE-2021-21209",
    "CVE-2021-21210",
    "CVE-2021-21211",
    "CVE-2021-21212",
    "CVE-2021-21213",
    "CVE-2021-21214",
    "CVE-2021-21215",
    "CVE-2021-21216",
    "CVE-2021-21217",
    "CVE-2021-21218",
    "CVE-2021-21219",
    "CVE-2021-21221"
  );

  script_name(english:"Microsoft Edge (Chromium) < 90.0.818.39 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has an web browser installed that is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.39. It is, therefore, affected
by multiple vulnerabilities as referenced in the April 15, 2021 advisory. Note that Nessus has not tested for this issue
but has instead relied only on the application's self-reported version number.");
  # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#april-15-2021
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?de6e5227");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21201");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21202");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21203");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21204");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21205");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21207");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21208");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21209");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21210");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21211");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21212");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21213");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21214");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21215");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21216");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21217");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21218");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21219");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21221");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Microsoft Edge version 90.0.818.39 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-21214");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-21201");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/04/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/04/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:edge");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("microsoft_edge_chromium_installed.nbin");
  script_require_keys("installed_sw/Microsoft Edge (Chromium)", "SMB/Registry/Enumerated");

  exit(0);
}

include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);
constraints = [
  { 'fixed_version' : '90.0.818.39' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
microsoftedgecpe:/a:microsoft:edge

References

Related

kaspersky 2
nessus 10
freebsd 2
chrome 1
osv 1
debian 1
openvas 6
archlinux 2
fedora 3
suse 3
mscve 19
alpinelinux 19
redhatcve 3
veracode 19
prion 19
debiancve 19
cve 19
ubuntucve 19
cnvd 1
gentoo 1
kaspersky
kaspersky
KLA12144 Multiple vulnerabiltiies in Google Chrome
2021-04-14 00:00:00
KLA12145 Multiple vulnerabilities in Microsoft Browser
2021-04-15 00:00:00
nessus
nessus
FreeBSD : chromium -- multiple vulnerabilities (f3d86439-9def-11eb-97a0-e09467587c17)
2021-04-16 00:00:00
Google Chrome < 90.0.4430.72 Multiple Vulnerabilities
2021-04-14 00:00:00
Google Chrome < 90.0.4430.72 Multiple Vulnerabilities
2021-04-14 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2021-04-14 00:00:00
chromium -- multiple vulnerabilities
2021-05-25 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2021-04-14 00:00:00
osv
osv
chromium - security update
2021-04-27 00:00:00
debian
debian
[SECURITY] [DSA 4906-1] chromium security update
2021-04-28 01:49:06
openvas
openvas
Debian: Security Advisory (DSA-4906-1)
2021-04-30 00:00:00
openSUSE: Security Advisory for Chromium (openSUSE-SU-2021:0629-1)
2021-05-01 00:00:00
Fedora: Security Advisory for chromium (FEDORA-2021-ff893e12c5)
2021-05-13 00:00:00
archlinux
archlinux
[ASA-202104-5] opera: multiple issues
2021-04-29 00:00:00
[ASA-202104-2] vivaldi: multiple issues
2021-04-29 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: chromium-90.0.4430.93-1.fc32
2021-05-12 05:35:46
[SECURITY] Fedora 33 Update: chromium-90.0.4430.93-1.fc33
2021-05-14 21:12:29
[SECURITY] Fedora 34 Update: chromium-90.0.4430.93-1.fc34
2021-05-12 05:44:40
suse
suse
Security update for Chromium (critical)
2021-05-01 00:00:00
Security update for chromium (important)
2021-06-04 00:00:00
Security update for chromium (important)
2021-06-02 00:00:00
mscve
mscve
Chromium: CVE-2021-21207 Use after free in IndexedDB
2021-04-15 18:40:04
Chromium: CVE-2021-21204 Use after free in Blink
2021-04-15 18:40:02
Chromium: CVE-2021-21210 Inappropriate implementation in Network
2021-04-15 18:40:05
alpinelinux
alpinelinux
CVE-2021-21203
2021-04-26 17:15:00
CVE-2021-21210
2021-04-26 17:15:00
CVE-2021-21211
2021-04-26 17:15:00
redhatcve
redhatcve
CVE-2021-21209
2022-05-20 22:41:04
CVE-2021-21204
2022-05-21 00:16:08
CVE-2021-21216
2022-05-20 22:31:11
veracode
veracode
Privilege Escalation
2021-04-21 17:43:07
CVE-2021-21204
2021-04-21 17:43:26
Incorrect Calculation
2021-04-21 17:43:02
prion
prion
Double free
2021-04-26 17:15:00
Code injection
2021-04-26 17:15:00
Design/Logic Flaw
2021-04-26 17:15:00
debiancve
debiancve
CVE-2021-21202
2021-04-26 17:15:00
CVE-2021-21208
2021-04-26 17:15:00
CVE-2021-21215
2021-04-26 17:15:00
cve
cve
CVE-2021-21210
2021-04-26 17:15:00
CVE-2021-21214
2021-04-26 17:15:00
CVE-2021-21219
2021-04-26 17:15:00
ubuntucve
ubuntucve
CVE-2021-21213
2021-04-26 00:00:00
CVE-2021-21215
2021-04-26 00:00:00
CVE-2021-21205
2021-04-26 00:00:00
cnvd
cnvd
Google Chrome is vulnerable to information disclosure (CNVD-2021-47672)
2021-06-19 00:00:00
gentoo
gentoo
Chromium, Google Chrome: Multiple vulnerabilities
2021-04-30 00:00:00
JSON
Related for MICROSOFT_EDGE_CHROMIUM_90_0_818_39.NASL
kaspersky2nessus10freebsd2chrome1osv1debian1openvas6archlinux2fedora3suse3mscve19alpinelinux19redhatcve3veracode19prion19debiancve19cve19ubuntucve19cnvd1gentoo1