Microsoft Edge (Chromium) < 120.0.2210.160 / 121.0.2277.83 Multiple Vulnerabilities

critical Nessus Plugin ID 189605

Synopsis

The remote host has an web browser installed that is affected by multiple vulnerabilities.

Description

The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.160 / 121.0.2277.83. It is, therefore, affected by multiple vulnerabilities as referenced in the January 26, 2024 advisory.

- Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-0804)

- Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) (CVE-2024-0805)

- Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) (CVE-2024-0806)

- Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0807)

- Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) (CVE-2024-0808)

- Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2024-0809)

- Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2024-0810)

- Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low) (CVE-2024-0811)

- Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity:
High) (CVE-2024-0812)

- Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction.
(Chromium security severity: Medium) (CVE-2024-0813)

- Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-0814)

- Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2024-21326, CVE-2024-21385, CVE-2024-21388)

- Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2024-21336, CVE-2024-21383)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Microsoft Edge version 120.0.2210.160 / 121.0.2277.83 or later.

See Also

http://www.nessus.org/u?5d9abc0d

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0804

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0805

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0806

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0807

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0808

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0809

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0810

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0811

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0812

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0813

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0814

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21326

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21336

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21383

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21385

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21388

Plugin Details

Severity: Critical

ID: 189605

File Name: microsoft_edge_chromium_121_0_2277_83.nasl

Version: 1.8

Type: local

Agent: windows

Family: Windows

Published: 1/25/2024

Updated: 5/17/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-21326

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2024-0808

Vulnerability Information

CPE: cpe:/a:microsoft:edge

Required KB Items: installed_sw/Microsoft Edge (Chromium), SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/25/2024

Vulnerability Publication Date: 1/23/2024

Reference Information

CVE: CVE-2024-0804, CVE-2024-0805, CVE-2024-0806, CVE-2024-0807, CVE-2024-0808, CVE-2024-0809, CVE-2024-0810, CVE-2024-0811, CVE-2024-0812, CVE-2024-0813, CVE-2024-0814, CVE-2024-21326, CVE-2024-21336, CVE-2024-21383, CVE-2024-21385, CVE-2024-21388

IAVA: 2024-A-0060-S, 2024-A-0253-S