Detections
Analytics
Microsoft Edge (Chromium) < 93.0.961.38 Multiple Vulnerabilities
high Nessus Plugin ID 155601
Language:
Synopsis
The remote host has an web browser installed that is affected by multiple vulnerabilities.Description
The version of Microsoft Edge installed on the remote Windows host is prior to 93.0.961.38. It is, therefore, affected by multiple vulnerabilities as referenced in the September 2, 2021 advisory.- Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36930. (CVE-2021-26436)
- Microsoft Edge for Android Information Disclosure Vulnerability (CVE-2021-26439)
- Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606)
- Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)
- Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)
- Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)
- Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)
- Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611)
- Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612)
- Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613)
- Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614)
- Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615)
- Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616)
- Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617)
- Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618)
- Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619)
- Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620)
- Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621)
- Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622)
- Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623)
- Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)
- Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26436. (CVE-2021-36930)
- Microsoft Edge for Android Spoofing Vulnerability (CVE-2021-38641)
- Microsoft Edge for iOS Spoofing Vulnerability (CVE-2021-38642)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Microsoft Edge version 93.0.961.38 or later.See Also
http://www.nessus.org/u?eab98635
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26436
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26439
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30606
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30607
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30608
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30609
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30610
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30611
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30612
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30613
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30614
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30615
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30616
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30617
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30618
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30619
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30620
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30621
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30622
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30623
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30624
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36930
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38641
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38642
Plugin Details
Severity: High
ID: 155601
File Name: microsoft_edge_chromium_93_0_961_38.nasl
Version: 1.4
Type: local
Agent: windows
Family: Windows
Published: 11/18/2021
Updated: 5/6/2022
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2021-36930
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS Score Source: CVE-2021-30624
Vulnerability Information
CPE: cpe:/a:microsoft:edge
Required KB Items: SMB/Registry/Enumerated, installed_sw/Microsoft Edge (Chromium)
Exploit Ease: No known exploits are available
Patch Publication Date: 9/2/2021
Vulnerability Publication Date: 8/31/2021
Reference Information
CVE: CVE-2021-26436, CVE-2021-26439, CVE-2021-30606, CVE-2021-30607, CVE-2021-30608, CVE-2021-30609, CVE-2021-30610, CVE-2021-30611, CVE-2021-30612, CVE-2021-30613, CVE-2021-30614, CVE-2021-30615, CVE-2021-30616, CVE-2021-30617, CVE-2021-30618, CVE-2021-30619, CVE-2021-30620, CVE-2021-30621, CVE-2021-30622, CVE-2021-30623, CVE-2021-30624, CVE-2021-36930, CVE-2021-38641, CVE-2021-38642
IAVA: 2021-A-0401-S, 2021-A-0432-S