Lucene search
Copyright (C) 2024 Greenbone AGOPENVAS:13614125623111120245602HistoryJan 18, 2024 - 12:00 a.m.
Debian: Security Advisory (DSA-5602-1)
2024-01-1800:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
9
debian
security advisory
chromium
dsa-5602-1
vulnerability
update
package
debian 11
debian 12
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
9.1
Confidence
High
EPSS
0.002
Percentile
58.9%
The remote host is missing an update for the Debian
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.1.1.2024.5602");
script_cve_id("CVE-2024-0517", "CVE-2024-0518", "CVE-2024-0519");
script_tag(name:"creation_date", value:"2024-01-18 04:23:26 +0000 (Thu, 18 Jan 2024)");
script_version("2024-08-08T05:05:41+0000");
script_tag(name:"last_modification", value:"2024-08-08 05:05:41 +0000 (Thu, 08 Aug 2024)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2024-01-22 19:53:33 +0000 (Mon, 22 Jan 2024)");
script_name("Debian: Security Advisory (DSA-5602-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB(11|12)");
script_xref(name:"Advisory-ID", value:"DSA-5602-1");
script_xref(name:"URL", value:"https://www.debian.org/security/2024/DSA-5602-1");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'chromium' package(s) announced via the DSA-5602-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"affected", value:"'chromium' package(s) on Debian 11, Debian 12.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB11") {
if(!isnull(res = isdpkgvuln(pkg:"chromium", ver:"120.0.6099.224-1~deb11u1", rls:"DEB11"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"chromium-common", ver:"120.0.6099.224-1~deb11u1", rls:"DEB11"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"chromium-driver", ver:"120.0.6099.224-1~deb11u1", rls:"DEB11"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"chromium-l10n", ver:"120.0.6099.224-1~deb11u1", rls:"DEB11"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"chromium-sandbox", ver:"120.0.6099.224-1~deb11u1", rls:"DEB11"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"chromium-shell", ver:"120.0.6099.224-1~deb11u1", rls:"DEB11"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "DEB12") {
if(!isnull(res = isdpkgvuln(pkg:"chromium", ver:"120.0.6099.224-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"chromium-common", ver:"120.0.6099.224-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"chromium-driver", ver:"120.0.6099.224-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"chromium-l10n", ver:"120.0.6099.224-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"chromium-sandbox", ver:"120.0.6099.224-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"chromium-shell", ver:"120.0.6099.224-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
openvas
openvas
Google Chrome Security Update (stable-channel-update-for-desktop_16-2024-01) - Windows
2024-01-17 00:00:00
Mageia: Security Advisory (MGASA-2024-0017)
2024-01-26 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerabilities
2024-01-25 14:21:08
nessus
nessus
FreeBSD : chromium -- multiple security fixes (1bc07be0-b514-11ee-86bb-a8a1599412c6)
2024-01-17 00:00:00
Google Chrome < 120.0.6099.224 Multiple Vulnerabilities
2024-01-16 00:00:00
Google Chrome < 120.0.6099.224 Multiple Vulnerabilities
2024-01-16 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: chromium-120.0.6099.224-1.fc38
2024-01-19 03:26:20
[SECURITY] Fedora 39 Update: chromium-120.0.6099.224-1.fc39
2024-01-19 02:43:05
chrome
chrome
Stable Channel Update for Desktop
2024-01-16 00:00:00
freebsd
freebsd
chromium -- multiple security fixes
2024-01-16 00:00:00
electron{26,27} -- multiple vulnerabilities
2024-01-17 00:00:00
electron26 -- Out of bounds memory access in V8
2024-01-18 00:00:00
debian
debian
[SECURITY] [DSA 5602-1] chromium security update
2024-01-18 00:06:13
osv
osv
chromium - security update
2024-01-17 00:00:00
CVE-2024-0517
2024-01-16 22:15:37
CVE-2024-0518
2024-01-16 22:15:37
kaspersky
kaspersky
KLA63109 Multiple vulnerabilities in Google Chrome
2024-01-16 00:00:00
KLA63137 Multiple vulnerabilities in Microsoft Browser
2024-01-17 00:00:00
malwarebytes
malwarebytes
Update Chrome! Google patches actively exploited zero-day vulnerability
2024-01-18 11:44:45
prion
prion
Design/Logic Flaw
2024-01-16 22:15:00
Type confusion
2024-01-16 22:15:00
Design/Logic Flaw
2024-01-16 22:15:00
cve
cve
cvelist
cvelist
veracode
veracode
Out-of-bounds Write
2024-01-21 10:28:58
Type Confusion
2024-01-21 10:28:53
Out-of-bounds Memory Access
2024-01-21 10:28:48
alpinelinux
alpinelinux
CVE-2024-0518
2024-01-16 22:15:37
CVE-2024-0519
2024-01-16 22:15:37
nvd
nvd
ubuntucve
ubuntucve
debiancve
debiancve
vulnrichment
vulnrichment
CVE-2024-0519
2024-01-16 21:14:49
CVE-2024-0518
2024-01-16 21:14:49
thn
thn
Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability
2024-05-10 10:23:00
New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation
2024-05-14 13:51:00
hivepro
hivepro
Attacks, Vulnerabilities and Actors 15 January to 21 January 2024
2024-01-23 07:42:21
Google Fixes First Actively Exploited Chrome Zero-day of 2024
2024-01-18 09:45:54
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Google Chrome
2024-03-04 10:25:06
mscve
mscve
Chromium: CVE-2024-0518 Type Confusion in V8
2024-01-17 18:17:35
Chromium: CVE-2024-0517 Out of bounds write in V8
2024-01-17 18:17:31
Chromium: CVE-2024-0519 Out of bounds memory access in V8
2024-01-17 18:17:38
cisa_kev
cisa_kev
Google Chromium V8 Out-of-Bounds Memory Access Vulnerability
2024-01-17 00:00:00
attackerkb
attackerkb
CVE-2024-0519
2024-01-16 00:00:00
gentoo
gentoo
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
2024-02-19 00:00:00
QtWebEngine: Multiple Vulnerabilities
2024-02-18 00:00:00
redos
redos
ROS-20240328-08
2024-03-28 00:00:00
avleonov
avleonov
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
9.1
Confidence
High
EPSS
0.002
Percentile
58.9%
Related for OPENVAS:13614125623111120245602