The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected by multiple vulnerabilities as referenced in the September 24, 2021 advisory.
Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
(CVE-2021-37973)
Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
(CVE-2021-37956)
Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37957)
Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)
Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.
(CVE-2021-37959)
Note that Nessus has not tested for this issue but has instead relied only on the applicationβs self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(153666);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/16");
script_cve_id(
"CVE-2021-37956",
"CVE-2021-37957",
"CVE-2021-37958",
"CVE-2021-37959",
"CVE-2021-37961",
"CVE-2021-37962",
"CVE-2021-37963",
"CVE-2021-37964",
"CVE-2021-37965",
"CVE-2021-37966",
"CVE-2021-37967",
"CVE-2021-37968",
"CVE-2021-37969",
"CVE-2021-37970",
"CVE-2021-37971",
"CVE-2021-37972",
"CVE-2021-37973"
);
script_xref(name:"IAVA", value:"2021-A-0448-S");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2021/11/17");
script_name(english:"Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote host has an web browser installed that is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected
by multiple vulnerabilities as referenced in the September 24, 2021 advisory.
- Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had
compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
(CVE-2021-37973)
- Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker
who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
(CVE-2021-37956)
- Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially
exploit heap corruption via a crafted HTML page. (CVE-2021-37957)
- Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a
remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)
- Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a
user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.
(CVE-2021-37959)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#september-24-2021
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6dbcb9b7");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973");
script_set_attribute(attribute:"solution", value:
"Upgrade to Microsoft Edge version 94.0.992.31 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-37973");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/09/21");
script_set_attribute(attribute:"patch_publication_date", value:"2021/09/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/09/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:edge");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("microsoft_edge_chromium_installed.nbin");
script_require_keys("installed_sw/Microsoft Edge (Chromium)", "SMB/Registry/Enumerated");
exit(0);
}
include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
var app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);
var constraints = [
{ 'fixed_version' : '94.0.992.31' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37956
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37957
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37958
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37959
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37961
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37962
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37963
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37964
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37965
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37966
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37967
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37968
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37969
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37970
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37971
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37972
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973
www.nessus.org/u?6dbcb9b7
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973