Vulnerabilities > CVE-2019-5816 - Improper Control of a Resource Through its Lifetime vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Session Credential Falsification through Forging An attacker creates a false but functional session credential in order to gain or usurp access to a service. Session credentials allow users to identify themselves to a service after an initial authentication without needing to resend the authentication information (usually a username and password) with every message. If an attacker is able to forge valid session credentials they may be able to bypass authentication or piggy-back off some other authenticated user's session. This attack differs from Reuse of Session IDs and Session Sidejacking attacks in that in the latter attacks an attacker uses a previous or existing credential without modification while, in a forging attack, the attacker must create their own credential, although it may be based on previously observed credentials.
- Exploitation of Session Variables, Resource IDs and other Trusted Credentials Attacks on session IDs and resource IDs take advantage of the fact that some software accepts user input without verifying its authenticity. For example, a message queuing system that allows service requesters to post messages to its queue through an open channel (such as anonymous FTP), authorization is done through checking group or role membership contained in the posted message. However, there is no proof that the message itself, the information in the message (such group or role membership), or indeed the process that wrote the message to the queue are authentic and authorized to do so. Many server side processes are vulnerable to these attacks because the server to server communications have not been analyzed from a security perspective or the processes "trust" other systems because they are behind a firewall. In a similar way servers that use easy to guess or spoofable schemes for representing digital identity can also be vulnerable. Such systems frequently use schemes without cryptography and digital signatures (or with broken cryptography). Session IDs may be guessed due to insufficient randomness, poor protection (passed in the clear), lack of integrity (unsigned), or improperly correlation with access control policy enforcement points. Exposed configuration and properties files that contain system passwords, database connection strings, and such may also give an attacker an edge to identify these identifiers. The net result is that spoofing and impersonation is possible leading to an attacker's ability to break authentication, authorization, and audit controls on the system.
- Reusing Session IDs (aka Session Replay) This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
- Session Fixation The attacker induces a client to establish a session with the target software using a session identifier provided by the attacker. Once the user successfully authenticates to the target software, the attacker uses the (now privileged) session identifier in their own transactions. This attack leverages the fact that the target software either relies on client-generated session identifiers or maintains the same session identifiers after privilege elevation.
- Cross Site Request Forgery (aka Session Riding) An attacker crafts malicious web links and distributes them (via web pages, email, etc.), typically in a targeted manner, hoping to induce users to click on the link and execute the malicious action against some third-party application. If successful, the action embedded in the malicious link will be processed and accepted by the targeted application with the users' privilege level. This type of attack leverages the persistence and implicit trust placed in user session cookies by many web applications today. In such an architecture, once the user authenticates to an application and a session cookie is created on the user's system, all following transactions for that session are authenticated using that cookie including potential actions initiated by an attacker and simply "riding" the existing session cookie.
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201908-18.NASL description The remote host is affected by the vulnerability described in GLSA-201908-18 (Chromium, Google Chrome: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrome Releases for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 127967 published 2019-08-20 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127967 title GLSA-201908-18 : Chromium, Google Chrome: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201908-18. # # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(127967); script_version("1.3"); script_cvs_date("Date: 2020/01/02"); script_cve_id("CVE-2018-17480", "CVE-2018-17481", "CVE-2018-18335", "CVE-2018-18336", "CVE-2018-18337", "CVE-2018-18338", "CVE-2018-18339", "CVE-2018-18340", "CVE-2018-18341", "CVE-2018-18342", "CVE-2018-18343", "CVE-2018-18344", "CVE-2018-18345", "CVE-2018-18346", "CVE-2018-18347", "CVE-2018-18348", "CVE-2018-18349", "CVE-2018-18350", "CVE-2018-18351", "CVE-2018-18352", "CVE-2018-18353", "CVE-2018-18354", "CVE-2018-18355", "CVE-2018-18356", "CVE-2018-18357", "CVE-2018-18358", "CVE-2018-18359", "CVE-2019-5805", "CVE-2019-5806", "CVE-2019-5807", "CVE-2019-5808", "CVE-2019-5809", "CVE-2019-5810", "CVE-2019-5811", "CVE-2019-5812", "CVE-2019-5813", "CVE-2019-5814", "CVE-2019-5815", "CVE-2019-5816", "CVE-2019-5817", "CVE-2019-5818", "CVE-2019-5819", "CVE-2019-5820", "CVE-2019-5821", "CVE-2019-5822", "CVE-2019-5823", "CVE-2019-5828", "CVE-2019-5829", "CVE-2019-5830", "CVE-2019-5831", "CVE-2019-5832", "CVE-2019-5833", "CVE-2019-5834", "CVE-2019-5835", "CVE-2019-5836", "CVE-2019-5837", "CVE-2019-5838", "CVE-2019-5839", "CVE-2019-5840", "CVE-2019-5842", "CVE-2019-5847", "CVE-2019-5848", "CVE-2019-5850", "CVE-2019-5851", "CVE-2019-5852", "CVE-2019-5853", "CVE-2019-5854", "CVE-2019-5855", "CVE-2019-5856", "CVE-2019-5857", "CVE-2019-5858", "CVE-2019-5859", "CVE-2019-5860", "CVE-2019-5861", "CVE-2019-5862", "CVE-2019-5863", "CVE-2019-5864", "CVE-2019-5865", "CVE-2019-5867", "CVE-2019-5868"); script_xref(name:"GLSA", value:"201908-18"); script_name(english:"GLSA-201908-18 : Chromium, Google Chrome: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201908-18 (Chromium, Google Chrome: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrome Releases for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201908-18" ); script_set_attribute( attribute:"solution", value: "All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/chromium-76.0.3809.100' All Google Chrome users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/google-chrome-76.0.3809.100'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5859"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:chromium"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:google-chrome"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/11"); script_set_attribute(attribute:"patch_publication_date", value:"2019/08/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-client/chromium", unaffected:make_list("ge 76.0.3809.100"), vulnerable:make_list("lt 76.0.3809.100"))) flag++; if (qpkg_check(package:"www-client/google-chrome", unaffected:make_list("ge 76.0.3809.100"), vulnerable:make_list("lt 76.0.3809.100"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Chromium / Google Chrome"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1325.NASL description This update for chromium fixes the following issues : Chromium was updated to 74.0.3729.108 boo#1133313 : - CVE-2019-5805: Use after free in PDFium - CVE-2019-5806: Integer overflow in Angle - CVE-2019-5807: Memory corruption in V8 - CVE-2019-5808: Use after free in Blink - CVE-2019-5809: Use after free in Blink - CVE-2019-5810: User information disclosure in Autofill - CVE-2019-5811: CORS bypass in Blink - CVE-2019-5813: Out of bounds read in V8 - CVE-2019-5814: CORS bypass in Blink - CVE-2019-5815: Heap buffer overflow in Blink - CVE-2019-5818: Uninitialized value in media reader - CVE-2019-5819: Incorrect escaping in developer tools - CVE-2019-5820: Integer overflow in PDFium - CVE-2019-5821: Integer overflow in PDFium - CVE-2019-5822: CORS bypass in download manager - CVE-2019-5823: Forced navigation from service worker - CVE-2019-5812: URL spoof in Omnibox on iOS - CVE-2019-5816: Exploit persistence extension on Android - CVE-2019-5817: Heap buffer overflow in Angle on Windows - Update conditions to use system harfbuzz on TW+ - Require java during build - Enable using pipewire when available last seen 2020-05-31 modified 2019-05-06 plugin id 124641 published 2019-05-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124641 title openSUSE Security Update : chromium (openSUSE-2019-1325) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-1325. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(124641); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29"); script_cve_id("CVE-2019-5805", "CVE-2019-5806", "CVE-2019-5807", "CVE-2019-5808", "CVE-2019-5809", "CVE-2019-5810", "CVE-2019-5811", "CVE-2019-5812", "CVE-2019-5813", "CVE-2019-5814", "CVE-2019-5815", "CVE-2019-5816", "CVE-2019-5817", "CVE-2019-5818", "CVE-2019-5819", "CVE-2019-5820", "CVE-2019-5821", "CVE-2019-5822", "CVE-2019-5823"); script_name(english:"openSUSE Security Update : chromium (openSUSE-2019-1325)"); script_summary(english:"Check for the openSUSE-2019-1325 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for chromium fixes the following issues : Chromium was updated to 74.0.3729.108 boo#1133313 : - CVE-2019-5805: Use after free in PDFium - CVE-2019-5806: Integer overflow in Angle - CVE-2019-5807: Memory corruption in V8 - CVE-2019-5808: Use after free in Blink - CVE-2019-5809: Use after free in Blink - CVE-2019-5810: User information disclosure in Autofill - CVE-2019-5811: CORS bypass in Blink - CVE-2019-5813: Out of bounds read in V8 - CVE-2019-5814: CORS bypass in Blink - CVE-2019-5815: Heap buffer overflow in Blink - CVE-2019-5818: Uninitialized value in media reader - CVE-2019-5819: Incorrect escaping in developer tools - CVE-2019-5820: Integer overflow in PDFium - CVE-2019-5821: Integer overflow in PDFium - CVE-2019-5822: CORS bypass in download manager - CVE-2019-5823: Forced navigation from service worker - CVE-2019-5812: URL spoof in Omnibox on iOS - CVE-2019-5816: Exploit persistence extension on Android - CVE-2019-5817: Heap buffer overflow in Angle on Windows - Update conditions to use system harfbuzz on TW+ - Require java during build - Enable using pipewire when available" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133313" ); script_set_attribute( attribute:"solution", value:"Update the affected chromium packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/27"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"chromedriver-74.0.3729.108-lp150.209.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"chromedriver-debuginfo-74.0.3729.108-lp150.209.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"chromium-74.0.3729.108-lp150.209.2", allowmaj:TRUE) ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"chromium-debuginfo-74.0.3729.108-lp150.209.2", allowmaj:TRUE) ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"chromium-debugsource-74.0.3729.108-lp150.209.2", allowmaj:TRUE) ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromedriver / chromedriver-debuginfo / chromium / etc"); }NASL family Fedora Local Security Checks NASL id FEDORA_2019-A1AF621FAF.NASL description Fix itinerant crashes. ---- Update to Chromium 75.0.3770.100. The usual pile of bugs and CVE fixes. vaapi support disabled, just too broken. :( Fixes CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5824 CVE-2019-5825 CVE-2019-5826 CVE-2019-5827 CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 CVE-2019-5842 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-07-25 plugin id 126995 published 2019-07-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126995 title Fedora 29 : chromium (2019-a1af621faf) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-a1af621faf. # include("compat.inc"); if (description) { script_id(126995); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09"); script_cve_id("CVE-2019-5805", "CVE-2019-5806", "CVE-2019-5807", "CVE-2019-5808", "CVE-2019-5809", "CVE-2019-5810", "CVE-2019-5811", "CVE-2019-5812", "CVE-2019-5813", "CVE-2019-5814", "CVE-2019-5815", "CVE-2019-5816", "CVE-2019-5817", "CVE-2019-5818", "CVE-2019-5819", "CVE-2019-5820", "CVE-2019-5821", "CVE-2019-5822", "CVE-2019-5823", "CVE-2019-5824", "CVE-2019-5825", "CVE-2019-5826", "CVE-2019-5827", "CVE-2019-5828", "CVE-2019-5829", "CVE-2019-5830", "CVE-2019-5831", "CVE-2019-5832", "CVE-2019-5833", "CVE-2019-5834", "CVE-2019-5835", "CVE-2019-5836", "CVE-2019-5837", "CVE-2019-5838", "CVE-2019-5839", "CVE-2019-5840", "CVE-2019-5842"); script_xref(name:"FEDORA", value:"2019-a1af621faf"); script_name(english:"Fedora 29 : chromium (2019-a1af621faf)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix itinerant crashes. ---- Update to Chromium 75.0.3770.100. The usual pile of bugs and CVE fixes. vaapi support disabled, just too broken. :( Fixes CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5824 CVE-2019-5825 CVE-2019-5826 CVE-2019-5827 CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 CVE-2019-5842 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-a1af621faf" ); script_set_attribute( attribute:"solution", value:"Update the affected chromium package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Google Chrome 72 and 73 Array.map exploit'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chromium"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/27"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC29", reference:"chromium-75.0.3770.100-3.fc29")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium"); }NASL family Windows NASL id GOOGLE_CHROME_74_0_3729_108.NASL description The version of Google Chrome installed on the remote Windows host is prior to 74.0.3729.108. It is, therefore, affected by multiple vulnerabilities as referenced in the 2019_04_stable-channel-update- for-desktop_23 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 124279 published 2019-04-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124279 title Google Chrome < 74.0.3729.108 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(124279); script_version("1.4"); script_cvs_date("Date: 2019/10/30 13:24:47"); script_cve_id( "CVE-2019-5805", "CVE-2019-5806", "CVE-2019-5807", "CVE-2019-5808", "CVE-2019-5809", "CVE-2019-5810", "CVE-2019-5811", "CVE-2019-5812", "CVE-2019-5813", "CVE-2019-5814", "CVE-2019-5815", "CVE-2019-5816", "CVE-2019-5817", "CVE-2019-5818", "CVE-2019-5819", "CVE-2019-5820", "CVE-2019-5821", "CVE-2019-5822", "CVE-2019-5823" ); script_name(english:"Google Chrome < 74.0.3729.108 Multiple Vulnerabilities"); script_summary(english:"Checks the version of Google Chrome."); script_set_attribute(attribute:"synopsis", value: "A web browser installed on the remote Windows host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Google Chrome installed on the remote Windows host is prior to 74.0.3729.108. It is, therefore, affected by multiple vulnerabilities as referenced in the 2019_04_stable-channel-update- for-desktop_23 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); # https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ad61973c"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/913320"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/943087"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/945644"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/947029"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/941008"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/916838"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/771815"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/925598"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/942699"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/930057"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/930663"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/940245"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/943709"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/929962"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/919356"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/919635"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/919640"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/926105"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/930154"); script_set_attribute(attribute:"solution", value: "Upgrade to Google Chrome version 74.0.3729.108 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5822"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/23"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/25"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("google_chrome_installed.nasl"); script_require_keys("SMB/Google_Chrome/Installed"); exit(0); } include("google_chrome_version.inc"); get_kb_item_or_exit("SMB/Google_Chrome/Installed"); installs = get_kb_list("SMB/Google_Chrome/*"); google_chrome_check_version(installs:installs, fix:'74.0.3729.108', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1666.NASL description This update for chromium fixes the following issues : Chromium was updated to 75.0.3770.90 (boo#1137332 boo#1138287) : - CVE-2019-5842: Use-after-free in Blink. Also updated to 75.0.3770.80 boo#1137332 : - CVE-2019-5828: Use after free in ServiceWorker - CVE-2019-5829: Use after free in Download Manager - CVE-2019-5830: Incorrectly credentialed requests in CORS - CVE-2019-5831: Incorrect map processing in V8 - CVE-2019-5832: Incorrect CORS handling in XHR - CVE-2019-5833: Inconsistent security UI placemen - CVE-2019-5835: Out of bounds read in Swiftshader - CVE-2019-5836: Heap buffer overflow in Angle - CVE-2019-5837: Cross-origin resources size disclosure in Appcache - CVE-2019-5838: Overly permissive tab access in Extensions - CVE-2019-5839: Incorrect handling of certain code points in Blink - CVE-2019-5840: Popup blocker bypass - Various fixes from internal audits, fuzzing and other initiatives - CVE-2019-5834: URL spoof in Omnibox on iOS Update to 74.0.3729.169 : - Feature fixes update only Update to 74.0.3729.157 : - Various security fixes from internal audits, fuzzing and other initiatives Includes security fixes from 74.0.3729.131 (boo#1134218) : - CVE-2019-5827: Out-of-bounds access in SQLite - CVE-2019-5824: Parameter passing error in media player Update to 74.0.3729.108 boo#1133313 : - CVE-2019-5805: Use after free in PDFium - CVE-2019-5806: Integer overflow in Angle - CVE-2019-5807: Memory corruption in V8 - CVE-2019-5808: Use after free in Blink - CVE-2019-5809: Use after free in Blink - CVE-2019-5810: User information disclosure in Autofill - CVE-2019-5811: CORS bypass in Blink - CVE-2019-5813: Out of bounds read in V8 - CVE-2019-5814: CORS bypass in Blink - CVE-2019-5815: Heap buffer overflow in Blink - CVE-2019-5818: Uninitialized value in media reader - CVE-2019-5819: Incorrect escaping in developer tools - CVE-2019-5820: Integer overflow in PDFium - CVE-2019-5821: Integer overflow in PDFium - CVE-2019-5822: CORS bypass in download manager - CVE-2019-5823: Forced navigation from service worker - CVE-2019-5812: URL spoof in Omnibox on iOS - CVE-2019-5816: Exploit persistence extension on Android - CVE-2019-5817: Heap buffer overflow in Angle on Windows Update to 73.0.3686.103 : - Various feature fixes Update to 73.0.3683.86 : - Just feature fixes around - Update conditions to use system harfbuzz on TW+ - Require java during build - Enable using pipewire when available - Rebase chromium-vaapi.patch to match up the Fedora one Update to 73.0.3683.75 boo#1129059 : - CVE-2019-5787: Use after free in Canvas. - CVE-2019-5788: Use after free in FileAPI. - CVE-2019-5789: Use after free in WebMIDI. - CVE-2019-5790: Heap buffer overflow in V8. - CVE-2019-5791: Type confusion in V8. - CVE-2019-5792: Integer overflow in PDFium. - CVE-2019-5793: Excessive permissions for private API in Extensions. - CVE-2019-5794: Security UI spoofing. - CVE-2019-5795: Integer overflow in PDFium. - CVE-2019-5796: Race condition in Extensions. - CVE-2019-5797: Race condition in DOMStorage. - CVE-2019-5798: Out of bounds read in Skia. - CVE-2019-5799: CSP bypass with blob URL. - CVE-2019-5800: CSP bypass with blob URL. - CVE-2019-5801: Incorrect Omnibox display on iOS. - CVE-2019-5802: Security UI spoofing. - CVE-2019-5803: CSP bypass with JavaScript URLs last seen 2020-05-31 modified 2019-07-01 plugin id 126368 published 2019-07-01 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126368 title openSUSE Security Update : chromium (openSUSE-2019-1666) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-1666. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(126368); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29"); script_cve_id("CVE-2019-5787", "CVE-2019-5788", "CVE-2019-5789", "CVE-2019-5790", "CVE-2019-5791", "CVE-2019-5792", "CVE-2019-5793", "CVE-2019-5794", "CVE-2019-5795", "CVE-2019-5796", "CVE-2019-5797", "CVE-2019-5798", "CVE-2019-5799", "CVE-2019-5800", "CVE-2019-5801", "CVE-2019-5802", "CVE-2019-5803", "CVE-2019-5804", "CVE-2019-5805", "CVE-2019-5806", "CVE-2019-5807", "CVE-2019-5808", "CVE-2019-5809", "CVE-2019-5810", "CVE-2019-5811", "CVE-2019-5812", "CVE-2019-5813", "CVE-2019-5814", "CVE-2019-5815", "CVE-2019-5816", "CVE-2019-5817", "CVE-2019-5818", "CVE-2019-5819", "CVE-2019-5820", "CVE-2019-5821", "CVE-2019-5822", "CVE-2019-5823", "CVE-2019-5824", "CVE-2019-5827", "CVE-2019-5828", "CVE-2019-5829", "CVE-2019-5830", "CVE-2019-5831", "CVE-2019-5832", "CVE-2019-5833", "CVE-2019-5834", "CVE-2019-5835", "CVE-2019-5836", "CVE-2019-5837", "CVE-2019-5838", "CVE-2019-5839", "CVE-2019-5840", "CVE-2019-5842"); script_name(english:"openSUSE Security Update : chromium (openSUSE-2019-1666)"); script_summary(english:"Check for the openSUSE-2019-1666 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for chromium fixes the following issues : Chromium was updated to 75.0.3770.90 (boo#1137332 boo#1138287) : - CVE-2019-5842: Use-after-free in Blink. Also updated to 75.0.3770.80 boo#1137332 : - CVE-2019-5828: Use after free in ServiceWorker - CVE-2019-5829: Use after free in Download Manager - CVE-2019-5830: Incorrectly credentialed requests in CORS - CVE-2019-5831: Incorrect map processing in V8 - CVE-2019-5832: Incorrect CORS handling in XHR - CVE-2019-5833: Inconsistent security UI placemen - CVE-2019-5835: Out of bounds read in Swiftshader - CVE-2019-5836: Heap buffer overflow in Angle - CVE-2019-5837: Cross-origin resources size disclosure in Appcache - CVE-2019-5838: Overly permissive tab access in Extensions - CVE-2019-5839: Incorrect handling of certain code points in Blink - CVE-2019-5840: Popup blocker bypass - Various fixes from internal audits, fuzzing and other initiatives - CVE-2019-5834: URL spoof in Omnibox on iOS Update to 74.0.3729.169 : - Feature fixes update only Update to 74.0.3729.157 : - Various security fixes from internal audits, fuzzing and other initiatives Includes security fixes from 74.0.3729.131 (boo#1134218) : - CVE-2019-5827: Out-of-bounds access in SQLite - CVE-2019-5824: Parameter passing error in media player Update to 74.0.3729.108 boo#1133313 : - CVE-2019-5805: Use after free in PDFium - CVE-2019-5806: Integer overflow in Angle - CVE-2019-5807: Memory corruption in V8 - CVE-2019-5808: Use after free in Blink - CVE-2019-5809: Use after free in Blink - CVE-2019-5810: User information disclosure in Autofill - CVE-2019-5811: CORS bypass in Blink - CVE-2019-5813: Out of bounds read in V8 - CVE-2019-5814: CORS bypass in Blink - CVE-2019-5815: Heap buffer overflow in Blink - CVE-2019-5818: Uninitialized value in media reader - CVE-2019-5819: Incorrect escaping in developer tools - CVE-2019-5820: Integer overflow in PDFium - CVE-2019-5821: Integer overflow in PDFium - CVE-2019-5822: CORS bypass in download manager - CVE-2019-5823: Forced navigation from service worker - CVE-2019-5812: URL spoof in Omnibox on iOS - CVE-2019-5816: Exploit persistence extension on Android - CVE-2019-5817: Heap buffer overflow in Angle on Windows Update to 73.0.3686.103 : - Various feature fixes Update to 73.0.3683.86 : - Just feature fixes around - Update conditions to use system harfbuzz on TW+ - Require java during build - Enable using pipewire when available - Rebase chromium-vaapi.patch to match up the Fedora one Update to 73.0.3683.75 boo#1129059 : - CVE-2019-5787: Use after free in Canvas. - CVE-2019-5788: Use after free in FileAPI. - CVE-2019-5789: Use after free in WebMIDI. - CVE-2019-5790: Heap buffer overflow in V8. - CVE-2019-5791: Type confusion in V8. - CVE-2019-5792: Integer overflow in PDFium. - CVE-2019-5793: Excessive permissions for private API in Extensions. - CVE-2019-5794: Security UI spoofing. - CVE-2019-5795: Integer overflow in PDFium. - CVE-2019-5796: Race condition in Extensions. - CVE-2019-5797: Race condition in DOMStorage. - CVE-2019-5798: Out of bounds read in Skia. - CVE-2019-5799: CSP bypass with blob URL. - CVE-2019-5800: CSP bypass with blob URL. - CVE-2019-5801: Incorrect Omnibox display on iOS. - CVE-2019-5802: Security UI spoofing. - CVE-2019-5803: CSP bypass with JavaScript URLs'. - CVE-2019-5804: Command line command injection on Windows." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1129059" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133313" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134218" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137332" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138287" ); script_set_attribute( attribute:"solution", value:"Update the affected chromium packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/23"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0|SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0 / 15.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"chromedriver-75.0.3770.90-lp150.218.4") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"chromedriver-debuginfo-75.0.3770.90-lp150.218.4") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"chromium-75.0.3770.90-lp150.218.4", allowmaj:TRUE) ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"chromium-debuginfo-75.0.3770.90-lp150.218.4", allowmaj:TRUE) ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"chromium-debugsource-75.0.3770.90-lp150.218.4", allowmaj:TRUE) ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"chromedriver-75.0.3770.90-lp151.2.9.3") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"chromedriver-debuginfo-75.0.3770.90-lp151.2.9.3") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"chromium-75.0.3770.90-lp151.2.9.3", allowmaj:TRUE) ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"chromium-debuginfo-75.0.3770.90-lp151.2.9.3", allowmaj:TRUE) ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"chromium-debugsource-75.0.3770.90-lp151.2.9.3", allowmaj:TRUE) ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromedriver / chromedriver-debuginfo / chromium / etc"); }NASL family MacOS X Local Security Checks NASL id MACOSX_GOOGLE_CHROME_74_0_3729_108.NASL description The version of Google Chrome installed on the remote macOS host is prior to 74.0.3729.108. It is, therefore, affected by multiple vulnerabilities as referenced in the 2019_04_stable-channel-update- for-desktop_23 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 124278 published 2019-04-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124278 title Google Chrome < 74.0.3729.108 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(124278); script_version("1.4"); script_cvs_date("Date: 2019/10/30 13:24:46"); script_cve_id( "CVE-2019-5805", "CVE-2019-5806", "CVE-2019-5807", "CVE-2019-5808", "CVE-2019-5809", "CVE-2019-5810", "CVE-2019-5811", "CVE-2019-5812", "CVE-2019-5813", "CVE-2019-5814", "CVE-2019-5815", "CVE-2019-5816", "CVE-2019-5817", "CVE-2019-5818", "CVE-2019-5819", "CVE-2019-5820", "CVE-2019-5821", "CVE-2019-5822", "CVE-2019-5823" ); script_name(english:"Google Chrome < 74.0.3729.108 Multiple Vulnerabilities"); script_summary(english:"Checks the version of Google Chrome."); script_set_attribute(attribute:"synopsis", value: "A web browser installed on the remote macOS host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Google Chrome installed on the remote macOS host is prior to 74.0.3729.108. It is, therefore, affected by multiple vulnerabilities as referenced in the 2019_04_stable-channel-update- for-desktop_23 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); # https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ad61973c"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/913320"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/943087"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/945644"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/947029"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/941008"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/916838"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/771815"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/925598"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/942699"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/930057"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/930663"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/940245"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/943709"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/929962"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/919356"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/919635"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/919640"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/926105"); script_set_attribute(attribute:"see_also", value:"https://crbug.com/930154"); script_set_attribute(attribute:"solution", value: "Upgrade to Google Chrome version 74.0.3729.108 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5822"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/23"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/25"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_google_chrome_installed.nbin"); script_require_keys("MacOSX/Google Chrome/Installed"); exit(0); } include("google_chrome_version.inc"); get_kb_item_or_exit("MacOSX/Google Chrome/Installed"); google_chrome_check_version(fix:'74.0.3729.108', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);
References
- https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
- https://crbug.com/940245
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
- https://security.gentoo.org/glsa/201908-18