6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
70.2%
The version of Microsoft Edge installed on the remote Windows host is prior to 99.0.1150.30. It is, therefore, affected by multiple vulnerabilities as referenced in the March 3, 2022 advisory.
Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit heap corruption via user interactions. (CVE-2022-0808)
Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0789)
Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-0790)
Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions.
(CVE-2022-0791)
Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0792)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(158583);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/01/10");
script_cve_id(
"CVE-2022-0789",
"CVE-2022-0790",
"CVE-2022-0791",
"CVE-2022-0792",
"CVE-2022-0793",
"CVE-2022-0794",
"CVE-2022-0795",
"CVE-2022-0796",
"CVE-2022-0797",
"CVE-2022-0798",
"CVE-2022-0799",
"CVE-2022-0800",
"CVE-2022-0801",
"CVE-2022-0802",
"CVE-2022-0803",
"CVE-2022-0804",
"CVE-2022-0805",
"CVE-2022-0806",
"CVE-2022-0807",
"CVE-2022-0808",
"CVE-2022-0809"
);
script_xref(name:"IAVA", value:"2022-A-0096-S");
script_name(english:"Microsoft Edge (Chromium) < 99.0.1150.30 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote host has an web browser installed that is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Microsoft Edge installed on the remote Windows host is prior to 99.0.1150.30. It is, therefore, affected
by multiple vulnerabilities as referenced in the March 3, 2022 advisory.
- Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote
attacker who convinced a user to engage in a series of user interaction to potentially exploit heap
corruption via user interactions. (CVE-2022-0808)
- Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to
potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0789)
- Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a
user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML
page. (CVE-2022-0790)
- Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a
user to engage in specific user interactions to potentially exploit heap corruption via user interactions.
(CVE-2022-0791)
- Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to
potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0792)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#march-3-2022
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?764ee88a");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0789");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0790");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0791");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0792");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0793");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0794");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0795");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0796");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0797");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0798");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0799");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0800");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0801");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0802");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0803");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0804");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0805");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0806");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0807");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0808");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0809");
script_set_attribute(attribute:"solution", value:
"Upgrade to Microsoft Edge version 99.0.1150.30 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-0809");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-0790");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/03/01");
script_set_attribute(attribute:"patch_publication_date", value:"2022/03/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/03/03");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:edge");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("microsoft_edge_chromium_installed.nbin");
script_require_keys("installed_sw/Microsoft Edge (Chromium)", "SMB/Registry/Enumerated");
exit(0);
}
include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
var app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);
var constraints = [
{ 'fixed_version' : '99.0.1150.30' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0789
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0790
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0791
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0792
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0793
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0794
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0795
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0796
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0797
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0798
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0799
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0800
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0801
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0802
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0803
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0804
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0805
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0806
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0807
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0808
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0809
www.nessus.org/u?764ee88a
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0789
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0790
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0791
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0792
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0793
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0794
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0795
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0796
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0797
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0798
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0799
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0800
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0801
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0802
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0803
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0804
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0805
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0806
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0807
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0808
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0809
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
70.2%