Lucene search

HistoryJan 06, 2022 - 12:00 a.m.

Microsoft Edge (Chromium) < 97.0.1072.55 Multiple Vulnerabilities

2022-01-0600:00:00

www.tenable.com

The version of Microsoft Edge installed on the remote Windows host is prior to 97.0.1072.55. It is, therefore, affected by multiple vulnerabilities as referenced in the January 6, 2022 advisory.

Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0107)
Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0096)
Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page. (CVE-2022-0097)
Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures. (CVE-2022-0098)
Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture.
(CVE-2022-0099)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(156545);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/06");

  script_cve_id(
    "CVE-2022-0096",
    "CVE-2022-0097",
    "CVE-2022-0098",
    "CVE-2022-0099",
    "CVE-2022-0100",
    "CVE-2022-0101",
    "CVE-2022-0102",
    "CVE-2022-0103",
    "CVE-2022-0104",
    "CVE-2022-0105",
    "CVE-2022-0106",
    "CVE-2022-0107",
    "CVE-2022-0108",
    "CVE-2022-0109",
    "CVE-2022-0110",
    "CVE-2022-0111",
    "CVE-2022-0112",
    "CVE-2022-0113",
    "CVE-2022-0114",
    "CVE-2022-0115",
    "CVE-2022-0116",
    "CVE-2022-0117",
    "CVE-2022-0118",
    "CVE-2022-0120",
    "CVE-2022-21929",
    "CVE-2022-21930",
    "CVE-2022-21931",
    "CVE-2022-21954",
    "CVE-2022-21970"
  );

  script_name(english:"Microsoft Edge (Chromium) < 97.0.1072.55 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has an web browser installed that is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Microsoft Edge installed on the remote Windows host is prior to 97.0.1072.55. It is, therefore, affected
by multiple vulnerabilities as referenced in the January 6, 2022 advisory.

  - Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker
    who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted
    HTML page. (CVE-2022-0107)

  - Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially
    exploit heap corruption via a crafted HTML page. (CVE-2022-0096)

  - Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who
    convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox
    via a crafted HTML page. (CVE-2022-0097)

  - Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker
    who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific
    user gestures. (CVE-2022-0098)

  - Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a
    user to perform specific user gestures to potentially exploit heap corruption via specific user gesture.
    (CVE-2022-0099)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#january-6-2022
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?10ad4694");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0096");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0097");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0098");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0099");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0100");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0101");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0102");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0103");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0104");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0105");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0106");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0107");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0108");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0109");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0110");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0111");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0112");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0113");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0114");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0115");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0116");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0117");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0118");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0120");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21929");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21930");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21931");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21954");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21970");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Microsoft Edge version 97.0.1072.55 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-21970");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-0097");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/01/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/01/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:edge");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("microsoft_edge_chromium_installed.nbin");
  script_require_keys("installed_sw/Microsoft Edge (Chromium)", "SMB/Registry/Enumerated");

  exit(0);
}

include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
var app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);
var constraints = [
  { 'fixed_version' : '97.0.1072.55' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

VendorProductVersionCPE
microsoftedgecpe:/a:microsoft:edge

Vendor	Product	Version	CPE
microsoft	edge		cpe:/a:microsoft:edge

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0096

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0097

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0098

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0099

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0100

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0101

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0102

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0103

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0104

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0105

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0106

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0107

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0108

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0109

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0110

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0111

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0112

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0113

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0114

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0115

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0116

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0117

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0118

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0120

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21929

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21930

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21931

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21954

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21970

www.nessus.org/u?10ad4694

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0096

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0097

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0098

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0099

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0100

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0101

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0102

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0103

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0104

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0105

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0106

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0107

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0108

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0109

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0110

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0111

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0112

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0113

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0114

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0115

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0116

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0117

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0118

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0120

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21929

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21930

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21931

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21954

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21970

JSON

Related for MICROSOFT_EDGE_CHROMIUM_97_0_1072_55.NASL