The version of Microsoft Edge installed on the remote Windows host is prior to 99.0.1150.46. It is, therefore, affected by multiple vulnerabilities as referenced in the March 17, 2022 advisory.
Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interactions. (CVE-2022-0980)
Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
(CVE-2022-0971)
Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
(CVE-2022-0972)
Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0973)
Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0974)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(159037);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/06");
script_cve_id(
"CVE-2022-0971",
"CVE-2022-0972",
"CVE-2022-0973",
"CVE-2022-0974",
"CVE-2022-0975",
"CVE-2022-0976",
"CVE-2022-0977",
"CVE-2022-0978",
"CVE-2022-0979",
"CVE-2022-0980",
"CVE-2022-26899"
);
script_xref(name:"IAVA", value:"2022-A-0120-S");
script_xref(name:"IAVA", value:"2021-A-0544-S");
script_name(english:"Microsoft Edge (Chromium) < 99.0.1150.46 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote host has an web browser installed that is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Microsoft Edge installed on the remote Windows host is prior to 99.0.1150.46. It is, therefore, affected
by multiple vulnerabilities as referenced in the March 17, 2022 advisory.
- Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a
user to install a malicious extension to potentially exploit heap corruption via specific user
interactions. (CVE-2022-0980)
- Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker
who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
(CVE-2022-0971)
- Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a
user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
(CVE-2022-0972)
- Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to
potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0973)
- Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote
attacker who convinced a user to engage in specific user interaction to potentially exploit heap
corruption via a crafted HTML page. (CVE-2022-0974)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#march-17-2022
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0cc84aae");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0971");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0972");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0973");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0974");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0975");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0976");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0977");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0978");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0979");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0980");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26899");
script_set_attribute(attribute:"solution", value:
"Upgrade to Microsoft Edge version 99.0.1150.46 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-26899");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-0977");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/03/15");
script_set_attribute(attribute:"patch_publication_date", value:"2022/03/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/03/17");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:edge");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("microsoft_edge_chromium_installed.nbin");
script_require_keys("installed_sw/Microsoft Edge (Chromium)", "SMB/Registry/Enumerated");
exit(0);
}
include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
var app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);
var constraints = [
{ 'fixed_version' : '99.0.1150.46' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0971
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0972
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0973
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0974
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0975
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0976
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0977
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0978
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0979
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0980
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26899
www.nessus.org/u?0cc84aae
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0971
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0972
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0973
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0974
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0975
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0976
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0977
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0978
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0979
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0980
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26899