Microsoft Edge (Chromium) < 109.0.1518.49 / 108.0.1462.83 Multiple Vulnerabilities

high Nessus Plugin ID 170007

Synopsis

The remote host has an web browser installed that is affected by multiple vulnerabilities.

Description

The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1518.49 / 108.0.1462.83. It is, therefore, affected by multiple vulnerabilities as referenced in the January 12, 2023 advisory.

- Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High) (CVE-2023-0129)

- Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
(Chromium security severity: Medium) (CVE-2023-0130)

- Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity:
Medium) (CVE-2023-0131)

- Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0132)

- Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0133)

- Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0134, CVE-2023-0135)

- Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0136)

- Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0138)

- Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0139)

- Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0140)

- Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0141)

- Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. (CVE-2023-21775)

- Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21795. (CVE-2023-21796)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Microsoft Edge version 109.0.1518.49 / 108.0.1462.83 or later.

See Also

http://www.nessus.org/u?245dfb65

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0129

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0130

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0131

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0132

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0133

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0134

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0135

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0136

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0138

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0139

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0140

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0141

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21775

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21796

Plugin Details

Severity: High

ID: 170007

File Name: microsoft_edge_chromium_109_0_1518_49.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 1/13/2023

Updated: 10/24/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-0138

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:edge

Required KB Items: SMB/Registry/Enumerated, installed_sw/Microsoft Edge (Chromium)

Exploit Ease: No known exploits are available

Patch Publication Date: 1/12/2023

Vulnerability Publication Date: 1/10/2023

Reference Information

CVE: CVE-2023-0129, CVE-2023-0130, CVE-2023-0131, CVE-2023-0132, CVE-2023-0133, CVE-2023-0134, CVE-2023-0135, CVE-2023-0136, CVE-2023-0138, CVE-2023-0139, CVE-2023-0140, CVE-2023-0141

IAVA: 2023-A-0029-S, 2023-A-0034-S