Microsoft Edge (Chromium) < 93.0.961.38 Multiple Vulnerabilities

high Nessus Plugin ID 155601

Synopsis

The remote host has a web browser installed that is affected by multiple vulnerabilities.

Description

The version of Microsoft Edge installed on the remote Windows host is prior to 93.0.961.38. It is, therefore, affected by multiple vulnerabilities as referenced in the September 2, 2021 advisory.

- Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-36930. (CVE-2021-26436)

- Microsoft Edge for Android Information Disclosure Vulnerability (CVE-2021-26439)

- Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606)

- Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)

- Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)

- Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)

- Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)

- Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611)

- Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612)

- Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613)

- Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614)

- Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615)

- Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616)

- Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617)

- Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618)

- Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619)

- Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620)

- Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621)

- Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622)

- Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623)

- Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)

- Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-26436. (CVE-2021-36930)

- Microsoft Edge for Android Spoofing Vulnerability (CVE-2021-38641)

- Microsoft Edge for iOS Spoofing Vulnerability (CVE-2021-38642)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Microsoft Edge version 93.0.961.38 or later.

See Also

http://www.nessus.org/u?eab98635

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26436

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26439

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30606

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30607

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30608

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30609

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30610

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30611

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30612

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30613

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30614

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30615

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30616

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30617

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30618

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30619

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30620

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30621

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30622

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30623

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30624

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36930

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38641

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38642

Plugin Details

Severity: High

ID: 155601

File Name: microsoft_edge_chromium_93_0_961_38.nasl

Version: 1.4

Type: local

Agent: windows

Family: Windows

Published: 11/18/2021

Updated: 5/6/2022

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-36930

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2021-30624

Vulnerability Information

CPE: cpe:/a:microsoft:edge

Required KB Items: SMB/Registry/Enumerated, installed_sw/Microsoft Edge (Chromium)

Exploit Ease: No known exploits are available

Patch Publication Date: 9/2/2021

Vulnerability Publication Date: 8/31/2021

Reference Information

CVE: CVE-2021-26436, CVE-2021-26439, CVE-2021-30606, CVE-2021-30607, CVE-2021-30608, CVE-2021-30609, CVE-2021-30610, CVE-2021-30611, CVE-2021-30612, CVE-2021-30613, CVE-2021-30614, CVE-2021-30615, CVE-2021-30616, CVE-2021-30617, CVE-2021-30618, CVE-2021-30619, CVE-2021-30620, CVE-2021-30621, CVE-2021-30622, CVE-2021-30623, CVE-2021-30624, CVE-2021-36930, CVE-2021-38641, CVE-2021-38642

IAVA: 2021-A-0401-S, 2021-A-0432-S