Google Chrome Security Update (stable-channel-update-for-desktop-2022-11) - Linux

2022-11-1800:00:00

plugins.openvas.org

google chrome

linux

vulnerabilities

update

exploitation

security bypass

denial of service

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.003

Percentile

69.9%

JSON

Google Chrome is prone to multiple
vulnerabilities.

# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:google:chrome";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.826708");
  script_version("2024-02-09T05:06:25+0000");
  script_cve_id("CVE-2022-3885", "CVE-2022-3886", "CVE-2022-3887", "CVE-2022-3888",
                "CVE-2022-3889", "CVE-2022-3890");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-02-09 05:06:25 +0000 (Fri, 09 Feb 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2022-11-09 22:15:00 +0000 (Wed, 09 Nov 2022)");
  script_tag(name:"creation_date", value:"2022-11-18 15:33:31 +0530 (Fri, 18 Nov 2022)");
  script_name("Google Chrome Security Update (stable-channel-update-for-desktop-2022-11) - Linux");

  script_tag(name:"summary", value:"Google Chrome is prone to multiple
  vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present
  on the target host.");

  script_tag(name:"insight", value:"Multiple flaws exist due to,

  - Use after free in V8.

  - Use after free in Speech Recognition.

  - Use after free in Web Workers.

  - Use after free in WebCodecs.

  - Type Confusion in V8.

  - Heap buffer overflow in Crashpad.");

  script_tag(name:"impact", value:"Successful exploitation will allow
  attackers to run arbitrary code, bypass security restrictions, conduct spoofing
  and cause a denial of service on affected system.");

  script_tag(name:"affected", value:"Google Chrome version prior to
  107.0.5304.110 on Linux");

  script_tag(name:"solution", value:"Upgrade to Google Chrome version
  107.0.5304.110 or later. Please see the references for more information.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"executable_version");
  script_xref(name:"URL", value:"https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("General");
  script_dependencies("gb_google_chrome_detect_lin.nasl");
  script_mandatory_keys("Google-Chrome/Linux/Ver");
  exit(0);
}
include("host_details.inc");
include("version_func.inc");

if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);
vers = infos['version'];
path = infos['location'];

if(version_is_less(version:vers, test_version:"107.0.5304.110"))
{
  report = report_fixed_ver(installed_version:vers, fixed_version:"107.0.5304.110", install_path:path);
  security_message(data:report);
  exit(0);
}
exit(99);