Fedora 37 : chromium (2023-0e77b3d321)
critical Nessus Plugin ID 173404
Language:
Synopsis
The remote Fedora host is missing one or more security updates.Description
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-0e77b3d321 advisory.- Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1528)
- Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) (CVE-2023-1529)
- Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1530)
- Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1531)
- Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1532)
- Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1533)
- Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1534)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected chromium package.See Also
https://bodhi.fedoraproject.org/updates/FEDORA-2023-0e77b3d321
Plugin Details
Severity : Critical
ID : 173404
File Name : fedora_2023-0e77b3d321.nasl
Version : 1.1
Type : local
Agent : unix
Family : Fedora Local Security Checks
Published : 3/24/2023
Updated : 3/27/2023
Supported Sensors : Agentless Assessment , Frictionless Assessment Agent , Nessus Agent
Risk Information
VPR
Risk Factor : High
Score : 8.1
CVSS v2
Risk Factor : Critical
Base Score : 10
Temporal Score : 7.4
Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal Vector : E:U/RL:OF/RC:C
CVSS Score Source : CVE-2023-1533
CVSS v3
Risk Factor : Critical
Base Score : 9.8
Temporal Score : 8.5
Vector : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector : E:U/RL:O/RC:C
CVSS Score Source : CVE-2023-1529
Vulnerability Information
CPE : cpe:/o:fedoraproject:fedora:37 , p-cpe:/a:fedoraproject:fedora:chromium
Required KB Items : Host/local_checks_enabled , Host/RedHat/release , Host/RedHat/rpm-list
Exploit Ease : No known exploits are available
Patch Publication Date : 3/24/2023
Vulnerability Publication Date : 3/21/2023
Reference Information
CVE : CVE-2023-1528 , CVE-2023-1529 , CVE-2023-1530 , CVE-2023-1531 , CVE-2023-1532 , CVE-2023-1533 , CVE-2023-1534
FEDORA : 2023-0e77b3d321