Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-5404.NASLHistoryMay 18, 2023 - 12:00 a.m.
Debian DSA-5404-1 : chromium - security update
2023-05-1800:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
debian 11
chromium
security update
multiple vulnerabilities
remote attacker
crafted html page
heap corruption
type confusion
remote code execution
inappropriate implementation
webapp installs
nessus scanner
0.007 Low
EPSS
Percentile
80.2%
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5404 advisory.
-
Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-2721)
-
Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:
High) (CVE-2023-2722) -
Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2723)
-
Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2724)
-
Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
(Chromium security severity: High) (CVE-2023-2725) -
Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2726)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dsa-5404. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('compat.inc');
if (description)
{
script_id(176052);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/07");
script_cve_id(
"CVE-2023-2721",
"CVE-2023-2722",
"CVE-2023-2723",
"CVE-2023-2724",
"CVE-2023-2725",
"CVE-2023-2726"
);
script_xref(name:"IAVA", value:"2023-A-0260-S");
script_xref(name:"IAVA", value:"2023-A-0265-S");
script_name(english:"Debian DSA-5404-1 : chromium - security update");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
script_set_attribute(attribute:"description", value:
"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dsa-5404 advisory.
- Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to
potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
(CVE-2023-2721)
- Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote
attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:
High) (CVE-2023-2722)
- Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had
compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium
security severity: High) (CVE-2023-2723)
- Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially
exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2724)
- Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a
user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
(Chromium security severity: High) (CVE-2023-2725)
- Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an
attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML
page. (Chromium security severity: Medium) (CVE-2023-2726)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/chromium");
script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2023/dsa-5404");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-2721");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-2722");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-2723");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-2724");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-2725");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-2726");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bullseye/chromium");
script_set_attribute(attribute:"solution", value:
"Upgrade the chromium packages.
For the stable distribution (bullseye), these problems have been fixed in version 113.0.5672.126-1~deb11u1.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-2726");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/05/16");
script_set_attribute(attribute:"patch_publication_date", value:"2023/05/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium-driver");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium-l10n");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium-sandbox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium-shell");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(11)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);
var pkgs = [
{'release': '11.0', 'prefix': 'chromium', 'reference': '113.0.5672.126-1~deb11u1'},
{'release': '11.0', 'prefix': 'chromium-common', 'reference': '113.0.5672.126-1~deb11u1'},
{'release': '11.0', 'prefix': 'chromium-driver', 'reference': '113.0.5672.126-1~deb11u1'},
{'release': '11.0', 'prefix': 'chromium-l10n', 'reference': '113.0.5672.126-1~deb11u1'},
{'release': '11.0', 'prefix': 'chromium-sandbox', 'reference': '113.0.5672.126-1~deb11u1'},
{'release': '11.0', 'prefix': 'chromium-shell', 'reference': '113.0.5672.126-1~deb11u1'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var _release = NULL;
var prefix = NULL;
var reference = NULL;
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (_release && prefix && reference) {
if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : deb_report_get()
);
exit(0);
}
else
{
var tested = deb_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium / chromium-common / chromium-driver / chromium-l10n / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | chromium | p-cpe:/a:debian:debian_linux:chromium |
| debian | debian_linux | chromium-common | p-cpe:/a:debian:debian_linux:chromium-common |
| debian | debian_linux | chromium-driver | p-cpe:/a:debian:debian_linux:chromium-driver |
| debian | debian_linux | chromium-l10n | p-cpe:/a:debian:debian_linux:chromium-l10n |
| debian | debian_linux | chromium-sandbox | p-cpe:/a:debian:debian_linux:chromium-sandbox |
| debian | debian_linux | chromium-shell | p-cpe:/a:debian:debian_linux:chromium-shell |
| debian | debian_linux | 11.0 | cpe:/o:debian:debian_linux:11.0 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2721
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2722
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2723
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2724
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2725
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2726
packages.debian.org/source/bullseye/chromium
security-tracker.debian.org/tracker/CVE-2023-2721
security-tracker.debian.org/tracker/CVE-2023-2722
security-tracker.debian.org/tracker/CVE-2023-2723
security-tracker.debian.org/tracker/CVE-2023-2724
security-tracker.debian.org/tracker/CVE-2023-2725
security-tracker.debian.org/tracker/CVE-2023-2726
security-tracker.debian.org/tracker/source-package/chromium
www.debian.org/security/2023/dsa-5404
Related
nessus
nessus
Google Chrome < 113.0.5672.126 Multiple Vulnerabilities
2023-05-16 00:00:00
Microsoft Edge (Chromium) < 113.0.1774.50 / 112.0.1722.84 Multiple Vulnerabilities
2023-05-23 00:00:00
Google Chrome < 113.0.5672.126 Multiple Vulnerabilities
2023-05-16 00:00:00
openvas
openvas
Microsoft Edge (Chromium-Based) Multiple Vulnerabilities-02 (Jun 2023)
2023-06-15 00:00:00
Google Chrome Security Updates (stable-channel-update-for-desktop_16-2023-05) - Mac OS X
2023-05-24 00:00:00
Debian: Security Advisory (DSA-5404-1)
2023-05-18 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2023-05-16 00:00:00
debian
debian
[SECURITY] [DSA 5404-1] chromium security update
2023-05-17 20:42:34
kaspersky
kaspersky
KLA49267 Multiple vulnerabilities in Opera
2023-05-18 00:00:00
KLA49223 Multiple vulnerabilities in Google Chrome
2023-05-16 00:00:00
KLA49268 Multiple vulnerabilities in Microsoft Browser
2023-05-18 00:00:00
osv
osv
chromium - security update
2023-05-17 00:00:00
CVE-2023-2724
2023-05-16 19:15:09
CVE-2023-2726
2023-05-16 19:15:09
freebsd
freebsd
chromium -- multiple vulnerabilities
2023-05-16 00:00:00
electron22 -- multiple vulnerabilities
2023-06-14 00:00:00
electron23 -- multiple vulnerabilities
2023-06-14 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: chromium-113.0.5672.126-1.fc38
2023-05-22 01:38:55
[SECURITY] Fedora 37 Update: chromium-113.0.5672.126-1.fc37
2023-05-22 00:39:06
cnvd
cnvd
Google Chrome Type Obfuscation Vulnerability (CNVD-2023-43877)
2023-05-18 00:00:00
Google Chrome Navigation Memory Misreference Vulnerability
2023-05-18 00:00:00
Google Chrome Code Execution Vulnerability (CNVD-2023-46125)
2023-05-18 00:00:00
veracode
veracode
cve
cve
ubuntucve
ubuntucve
nvd
nvd
cvelist
cvelist
mscve
mscve
Chromium: CVE-2023-2726 Inappropriate implementation in WebApp Installs
2023-05-18 20:38:53
Chromium: CVE-2023-2724 Type Confusion in V8
2023-05-18 20:38:47
Chromium: CVE-2023-2723 Use after free in DevTools
2023-05-18 20:38:43
alpinelinux
alpinelinux
CVE-2023-2721
2023-05-16 19:15:09
prion
prion
Design/Logic Flaw
2023-05-16 19:15:00
Design/Logic Flaw
2023-05-16 19:15:00
Design/Logic Flaw
2023-05-16 19:15:00
debiancve
debiancve
packetstorm
packetstorm
Chrome Internal JavaScript Object Access Via Origin Trials
2023-06-27 00:00:00
gentoo
gentoo
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
2023-09-30 00:00:00
QtWebEngine: Multiple Vulnerabilities
2023-11-25 00:00:00