Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2023 Greenbone AGOPENVAS:1361412562310832091
HistoryJun 14, 2023 - 12:00 a.m.

Microsoft Edge (Chromium-Based) Type Confusion Vulnerability (Jun 2023)

2023-06-1400:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
4

8.8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.7%

JSON

Microsoft Edge (Chromium-Based) is prone to
a type confusion vulnerability.

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:microsoft:edge_chromium_based";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.832091");
  script_version("2024-02-19T05:05:57+0000");
  script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
  script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
  script_cve_id("CVE-2023-3079");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-02-19 05:05:57 +0000 (Mon, 19 Feb 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-06-12 16:47:00 +0000 (Mon, 12 Jun 2023)");
  script_tag(name:"creation_date", value:"2023-06-14 11:40:38 +0530 (Wed, 14 Jun 2023)");
  script_name("Microsoft Edge (Chromium-Based) Type Confusion Vulnerability (Jun 2023)");

  script_tag(name:"summary", value:"Microsoft Edge (Chromium-Based) is prone to
  a type confusion vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present
  on the target host.");

  script_tag(name:"insight", value:"The flaw exists due to type confusion vulnerability in V8
  in Microsoft Edge.");

  script_tag(name:"impact", value:"Successful exploitation will allow an attacker
  to  execute arbitrary code, gain access to sensitive information, bypass
  security restrictions, cause denial of service and may have other impacts.");

  script_tag(name:"affected", value:"Microsoft Edge (Chromium-Based) prior to version 114.0.1823.41.");

  script_tag(name:"solution_type", value:"VendorFix");

  script_tag(name:"solution", value:"The vendor has released updates. Please see
  the references for more information.");

  script_tag(name:"qod_type", value:"executable_version");
  script_xref(name:"URL", value:"https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security");
  script_xref(name:"URL", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3079");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Windows : Microsoft Bulletins");
  script_dependencies("gb_microsoft_edge_chromium_based_detect_win.nasl");
  script_mandatory_keys("microsoft_edge_chromium/installed", "microsoft_edge_chromium/ver");
  exit(0);
}
include("host_details.inc");
include("version_func.inc");

if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);
vers = infos['version'];
path = infos['location'];

if(version_is_less(version:vers, test_version:"114.0.1823.41"))
{
  report = report_fixed_ver(installed_version:vers, fixed_version:"114.0.1823.41", install_path:path);
  security_message(data:report);
  exit(0);
}
exit(99);

Related

chrome 1
kaspersky 2
mscve 1
prion 1
malwarebytes 1
nessus 14
debiancve 1
veracode 1
freebsd 4
cisa_kev 1
openvas 8
ubuntucve 1
debian 1
osv 1
cnvd 1
hivepro 1
githubexploit 1
alpinelinux 1
cvelist 1
cve 1
attackerkb 1
fedora 2
talosblog 1
qualysblog 1
thn 7
securelist 1
avleonov 1
rapid7blog 1
gentoo 2
chrome
chrome
Stable Channel Update for Desktop
2023-06-05 00:00:00
kaspersky
kaspersky
KLA49376 DoS vulnerability in Google Chrome
2023-06-05 00:00:00
KLA49380 DoS vulnerability in Microsoft Browser
2023-06-06 00:00:00
mscve
mscve
Chromium: CVE-2023-3079 Type Confusion in V8
2023-06-06 22:35:45
prion
prion
Type confusion
2023-06-05 22:15:00
malwarebytes
malwarebytes
Update Chrome now! Google patches actively exploited zero-day
2023-06-08 01:00:00
nessus
nessus
Microsoft Edge (Chromium) < 109.0.1518.115 (CVE-2023-3079)
2024-05-08 00:00:00
Google Chrome < 114.0.5735.110 Vulnerability
2023-06-05 00:00:00
FreeBSD : chromium -- multiple vulnerabilities (12741b1f-04f9-11ee-8290-a8a1599412c6)
2023-06-07 00:00:00
debiancve
debiancve
CVE-2023-3079
2023-06-05 22:15:12
veracode
veracode
Denial Of Service (DoS)
2023-06-07 06:47:21
freebsd
freebsd
chromium -- multiple vulnerabilities
2023-06-05 00:00:00
electron24 -- multiple vulnerabilities
2023-06-14 00:00:00
electron22 -- multiple vulnerabilities
2023-06-14 00:00:00
cisa_kev
cisa_kev
Google Chromium V8 Type Confusion Vulnerability
2023-06-07 00:00:00
openvas
openvas
Google Chrome Security Update (stable-channel-update-for-desktop-2023-06) - Mac OS X
2023-06-08 00:00:00
Debian: Security Advisory (DSA-5420-1)
2023-06-08 00:00:00
Google Chrome Security Update (stable-channel-update-for-desktop-2023-06) - Windows
2023-06-08 00:00:00
ubuntucve
ubuntucve
CVE-2023-3079
2023-06-05 00:00:00
debian
debian
[SECURITY] [DSA 5420-1] chromium security update
2023-06-07 17:27:16
osv
osv
chromium - security update
2023-06-07 00:00:00
cnvd
cnvd
Google Chrome Type Mixing Vulnerability
2023-06-07 00:00:00
hivepro
hivepro
Google Addresses High-Stakes Chrome Zero-Day Vulnerability
2023-06-07 12:17:52
githubexploit
githubexploit
Exploit for Type Confusion in Google Chrome
2023-08-15 04:16:46
alpinelinux
alpinelinux
CVE-2023-3079
2023-06-05 22:15:12
cvelist
cvelist
CVE-2023-3079
2023-06-05 21:40:06
cve
cve
CVE-2023-3079
2023-06-05 22:15:12
attackerkb
attackerkb
CVE-2023-3079
2023-06-05 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: chromium-114.0.5735.106-1.fc38
2023-06-11 02:03:59
[SECURITY] Fedora 37 Update: chromium-114.0.5735.106-1.fc37
2023-06-17 02:09:07
talosblog
talosblog
Now’s not the time to take our foot off the gas when it comes to fighting disinformation online
2023-06-08 18:00:35
qualysblog
qualysblog
Part 1: An In-Depth Look at the Latest Vulnerability Threat Landscape
2023-07-11 14:01:53
thn
thn
Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability - Update Now!
2023-06-06 10:21:00
Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now
2023-09-12 05:15:00
Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability
2023-09-28 03:13:00
securelist
securelist
IT threat evolution in Q2 2023. Non-mobile statistics
2023-08-30 10:00:41
avleonov
avleonov
Microsoft Patch Tuesday June 2023: Edge type confusion, Git RCE, OneNote Spoofing, PGM RCE, Exchange RCE, SharePoint EoP
2023-06-25 00:35:58
rapid7blog
rapid7blog
Patch Tuesday - June 2023
2023-06-13 20:49:27
gentoo
gentoo
QtWebEngine: Multiple Vulnerabilities
2023-11-25 00:00:00
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
2024-01-31 00:00:00

8.8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.7%

JSON
Related for OPENVAS:1361412562310832091
chrome1kaspersky2mscve1prion1malwarebytes1nessus14debiancve1veracode1freebsd4cisa_kev1openvas8ubuntucve1debian1osv1cnvd1hivepro1githubexploit1alpinelinux1cvelist1cve1attackerkb1fedora2talosblog1qualysblog1thn7securelist1avleonov1rapid7blog1gentoo2