Fedora 36 : chromium (2023-3003165311)

critical Nessus Plugin ID 173418

Language:

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3003165311 advisory.

- Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1528)

- Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) (CVE-2023-1529)

- Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1530)

- Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1531)

- Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1532)

- Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1533)

- Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1534)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected chromium package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2023-3003165311

Plugin Details

Severity : Critical

ID : 173418

File Name : fedora_2023-3003165311.nasl

Version : 1.1

Type : local

Agent : unix

Published : 3/26/2023

Updated : 3/27/2023

Supported Sensors : Frictionless Assessment Agent , Nessus Agent , Agentless Assessment

Risk Information

VPR

Risk Factor : High

Score : 8.1

CVSS v2

Risk Factor : Critical

Base Score : 10

Temporal Score : 7.4

Vector : CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector : CVSS2#E:U/RL:OF/RC:C

CVSS Score Source : CVE-2023-1533

CVSS v3

Risk Factor : Critical

Base Score : 9.8

Temporal Score : 8.5

Vector : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector : CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source : CVE-2023-1529

Vulnerability Information

CPE : p-cpe:2.3:a:fedoraproject:fedora:chromium:*:*:*:*:*:*:* , cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Required KB Items : Host/local_checks_enabled , Host/RedHat/release , Host/RedHat/rpm-list

Exploit Ease : No known exploits are available

Patch Publication Date : 3/24/2023

Vulnerability Publication Date : 3/21/2023

Reference Information

CVE : CVE-2023-1528 , CVE-2023-1529 , CVE-2023-1530 , CVE-2023-1531 , CVE-2023-1532 , CVE-2023-1533 , CVE-2023-1534