openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1350-1)

critical Nessus Plugin ID 154079

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1350-1 advisory.

- Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37956)

- Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37957)

- Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958)

- Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to engage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37959)

- Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37961)

- Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37962)

- Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. (CVE-2021-37963)

- Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to potentially carry out a wifi impersonation attack via a crafted ONC file. (CVE-2021-37964)

- Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-37965, CVE-2021-37968)

- Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37966)

- Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (CVE-2021-37967)

- Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. (CVE-2021-37969)

- Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37970)

- Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-37971)

- Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37972)

- Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-37973)

- Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37974)

- Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37975)

- Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976)

- Use after free in Garbage Collection. (CVE-2021-37977)

- This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. (CVE-2021-37978)

- Heap buffer overflow in WebRTC. (CVE-2021-37979)

- Inappropriate implementation in Sandbox. (CVE-2021-37980)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected chromedriver and / or chromium packages.

See Also

https://bugzilla.suse.com/1190765

https://bugzilla.suse.com/1191166

https://bugzilla.suse.com/1191204

https://bugzilla.suse.com/1191463

http://www.nessus.org/u?ba7d1788

https://www.suse.com/security/cve/CVE-2021-37956

https://www.suse.com/security/cve/CVE-2021-37957

https://www.suse.com/security/cve/CVE-2021-37958

https://www.suse.com/security/cve/CVE-2021-37959

https://www.suse.com/security/cve/CVE-2021-37961

https://www.suse.com/security/cve/CVE-2021-37962

https://www.suse.com/security/cve/CVE-2021-37963

https://www.suse.com/security/cve/CVE-2021-37964

https://www.suse.com/security/cve/CVE-2021-37965

https://www.suse.com/security/cve/CVE-2021-37966

https://www.suse.com/security/cve/CVE-2021-37967

https://www.suse.com/security/cve/CVE-2021-37968

https://www.suse.com/security/cve/CVE-2021-37969

https://www.suse.com/security/cve/CVE-2021-37970

https://www.suse.com/security/cve/CVE-2021-37971

https://www.suse.com/security/cve/CVE-2021-37972

https://www.suse.com/security/cve/CVE-2021-37973

https://www.suse.com/security/cve/CVE-2021-37974

https://www.suse.com/security/cve/CVE-2021-37975

https://www.suse.com/security/cve/CVE-2021-37976

https://www.suse.com/security/cve/CVE-2021-37977

https://www.suse.com/security/cve/CVE-2021-37978

https://www.suse.com/security/cve/CVE-2021-37979

https://www.suse.com/security/cve/CVE-2021-37980

Plugin Details

Severity: Critical

ID: 154079

File Name: openSUSE-2021-1350.nasl

Version: 1.11

Type: local

Agent: unix

Published: 10/13/2021

Updated: 1/16/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-37979

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 8.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2021-37973

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:chromedriver, cpe:/o:novell:opensuse:15.2, p-cpe:/a:novell:opensuse:chromium

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/12/2021

Vulnerability Publication Date: 9/21/2021

CISA Known Exploited Vulnerability Due Dates: 11/17/2021

Reference Information

CVE: CVE-2021-37956, CVE-2021-37957, CVE-2021-37958, CVE-2021-37959, CVE-2021-37961, CVE-2021-37962, CVE-2021-37963, CVE-2021-37964, CVE-2021-37965, CVE-2021-37966, CVE-2021-37967, CVE-2021-37968, CVE-2021-37969, CVE-2021-37970, CVE-2021-37971, CVE-2021-37972, CVE-2021-37973, CVE-2021-37974, CVE-2021-37975, CVE-2021-37976, CVE-2021-37977, CVE-2021-37978, CVE-2021-37979, CVE-2021-37980

IAVA: 2021-A-0438-S, 2021-A-0448-S, 2021-A-0449-S, 2021-A-0459-S