Lucene search

HistoryJun 13, 2024 - 12:00 a.m.

Google Chrome Security Update (stable-channel-update-for-desktop-2024-06) - Linux

2024-06-1300:00:00

plugins.openvas.org

google chrome

linux

cve-2024-5830

cve-2024-5831

cve-2024-5832

cve-2024-5833

cve-2024-5834

cve-2024-5835

cve-2024-5836

cve-2024-5837

cve-2024-5838

cve-2024-5839

cve-2024-5840

cve-2024-5841

cve-2024-5842

cve-2024-5843

cve-2024-5844

cve-2024-5845

cve-2024-5846

cve-2024-5847

type confusion

use after free

spoofing

denial of service

version 126.0.6478.54

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

Google Chrome is prone to multiple
vulnerabilities.

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:google:chrome";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.834050");
  script_version("2024-06-21T05:05:42+0000");
  script_cve_id("CVE-2024-5830", "CVE-2024-5831", "CVE-2024-5832", "CVE-2024-5833",
                "CVE-2024-5834", "CVE-2024-5835", "CVE-2024-5836", "CVE-2024-5837",
                "CVE-2024-5838", "CVE-2024-5839", "CVE-2024-5840", "CVE-2024-5841",
                "CVE-2024-5842", "CVE-2024-5843", "CVE-2024-5844", "CVE-2024-5845",
                "CVE-2024-5846", "CVE-2024-5847");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-06-21 05:05:42 +0000 (Fri, 21 Jun 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2024-06-20 13:05:43 +0000 (Thu, 20 Jun 2024)");
  script_tag(name:"creation_date", value:"2024-06-13 06:21:01 +0530 (Thu, 13 Jun 2024)");
  script_name("Google Chrome Security Update (stable-channel-update-for-desktop-2024-06) - Linux");

  script_tag(name:"summary", value:"Google Chrome is prone to multiple
  vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present
  on the target host.");

  script_tag(name:"insight", value:"These vulnerabilities exist:

  - CVE-2024-5830: Type Confusion in V8

  - CVE-2024-5831: Use after free in Dawn

  Please see the references for more information on the vulnerabilities.");

  script_tag(name: "impact" , value:"Successful exploitation allows an attacker
  to run arbitrary code, conduct spoofing and cause a denial of service
  attacks.");

  script_tag(name: "affected" , value:"Google Chrome prior to version
  126.0.6478.54 on Linux");

  script_tag(name: "solution", value:"Update to version 126.0.6478.54 or
  later.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"executable_version");
  script_xref(name:"URL", value:"https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("General");
  script_dependencies("gb_google_chrome_detect_lin.nasl");
  script_mandatory_keys("Google-Chrome/Linux/Ver");
  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))
  exit(0);

vers = infos["version"];
path = infos["location"];

if(version_is_less(version:vers, test_version:"126.0.6478.54")) {
  report = report_fixed_ver(installed_version:vers, fixed_version:"126.0.6478.54", install_path:path);
  security_message(port:0, data:report);
  exit(0);
}

exit(99);