Detections
Analytics
openSUSE 15 Security Update : chromium (openSUSE-SU-2022:0075-1)
critical Nessus Plugin ID 158689
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0075-1 advisory.- Heap buffer overflow in ANGLE. (CVE-2022-0789)
- Use after free in Cast UI. (CVE-2022-0790)
- Use after free in Omnibox. (CVE-2022-0791)
- Out of bounds read in ANGLE. (CVE-2022-0792)
- Use after free in Views. (CVE-2022-0793)
- Use after free in WebShare. (CVE-2022-0794)
- Type Confusion in Blink Layout. (CVE-2022-0795)
- Use after free in Media. (CVE-2022-0796)
- Out of bounds memory access in Mojo. (CVE-2022-0797)
- Use after free in MediaStream. (CVE-2022-0798)
- Insufficient policy enforcement in Installer. (CVE-2022-0799)
- Heap buffer overflow in Cast UI. (CVE-2022-0800)
- Inappropriate implementation in HTML parser. (CVE-2022-0801)
- Inappropriate implementation in Full screen mode. (CVE-2022-0802, CVE-2022-0804)
- Inappropriate implementation in Permissions. (CVE-2022-0803)
- Use after free in Browser Switcher. (CVE-2022-0805)
- Data leak in Canvas. (CVE-2022-0806)
- Inappropriate implementation in Autofill. (CVE-2022-0807)
- Use after free in Chrome OS Shell. (CVE-2022-0808)
- Out of bounds memory access in WebXR. (CVE-2022-0809)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected chromedriver and / or chromium packages.See Also
https://bugzilla.suse.com/1196641
http://www.nessus.org/u?5760d695
https://www.suse.com/security/cve/CVE-2022-0789
https://www.suse.com/security/cve/CVE-2022-0790
https://www.suse.com/security/cve/CVE-2022-0791
https://www.suse.com/security/cve/CVE-2022-0792
https://www.suse.com/security/cve/CVE-2022-0793
https://www.suse.com/security/cve/CVE-2022-0794
https://www.suse.com/security/cve/CVE-2022-0795
https://www.suse.com/security/cve/CVE-2022-0796
https://www.suse.com/security/cve/CVE-2022-0797
https://www.suse.com/security/cve/CVE-2022-0798
https://www.suse.com/security/cve/CVE-2022-0799
https://www.suse.com/security/cve/CVE-2022-0800
https://www.suse.com/security/cve/CVE-2022-0801
https://www.suse.com/security/cve/CVE-2022-0802
https://www.suse.com/security/cve/CVE-2022-0803
https://www.suse.com/security/cve/CVE-2022-0804
https://www.suse.com/security/cve/CVE-2022-0805
https://www.suse.com/security/cve/CVE-2022-0806
https://www.suse.com/security/cve/CVE-2022-0807
Plugin Details
Severity: Critical
ID: 158689
File Name: openSUSE-2022-0075-1.nasl
Version: 1.4
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 3/8/2022
Updated: 1/10/2023
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2022-0809
CVSS v3
Risk Factor: Critical
Base Score: 9.6
Temporal Score: 8.6
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS Score Source: CVE-2022-0790
Vulnerability Information
CPE: cpe:/o:novell:opensuse:15.3, p-cpe:/a:novell:opensuse:chromedriver, p-cpe:/a:novell:opensuse:chromium
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/7/2022
Vulnerability Publication Date: 3/1/2022
Reference Information
CVE: CVE-2022-0789, CVE-2022-0790, CVE-2022-0791, CVE-2022-0792, CVE-2022-0793, CVE-2022-0794, CVE-2022-0795, CVE-2022-0796, CVE-2022-0797, CVE-2022-0798, CVE-2022-0799, CVE-2022-0800, CVE-2022-0801, CVE-2022-0802, CVE-2022-0803, CVE-2022-0804, CVE-2022-0805, CVE-2022-0806, CVE-2022-0807, CVE-2022-0808, CVE-2022-0809