openSUSE 15 Security Update : chromium (openSUSE-SU-2023:0016-1)

high Nessus Plugin ID 170038

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0016-1 advisory.

- Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0128)

- Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High) (CVE-2023-0129)

- Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
(Chromium security severity: Medium) (CVE-2023-0130)

- Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity:
Medium) (CVE-2023-0131)

- Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0132)

- Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0133)

- Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0134)

- Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0136)

- Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0137)

- Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0138)

- Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0139)

- Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0140)

- Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0141)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected chromedriver and / or chromium packages.

See Also

https://www.suse.com/security/cve/CVE-2023-0133

https://www.suse.com/security/cve/CVE-2023-0134

https://www.suse.com/security/cve/CVE-2023-0136

https://www.suse.com/security/cve/CVE-2023-0137

https://www.suse.com/security/cve/CVE-2023-0138

https://www.suse.com/security/cve/CVE-2023-0139

https://www.suse.com/security/cve/CVE-2023-0140

https://www.suse.com/security/cve/CVE-2023-0141

https://bugzilla.suse.com/1207018

http://www.nessus.org/u?0f688aaa

https://www.suse.com/security/cve/CVE-2023-0128

https://www.suse.com/security/cve/CVE-2023-0129

https://www.suse.com/security/cve/CVE-2023-0130

https://www.suse.com/security/cve/CVE-2023-0131

https://www.suse.com/security/cve/CVE-2023-0132

Plugin Details

Severity: High

ID: 170038

File Name: openSUSE-2023-0016-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 1/13/2023

Updated: 10/24/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-0138

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:opensuse:15.4, p-cpe:/a:novell:opensuse:chromedriver, p-cpe:/a:novell:opensuse:chromium

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 1/13/2023

Vulnerability Publication Date: 1/10/2023

Reference Information

CVE: CVE-2023-0128, CVE-2023-0129, CVE-2023-0130, CVE-2023-0131, CVE-2023-0132, CVE-2023-0133, CVE-2023-0134, CVE-2023-0136, CVE-2023-0137, CVE-2023-0138, CVE-2023-0139, CVE-2023-0140, CVE-2023-0141