Microsoft Edge (Chromium) < 93.0.961.38 Multiple Vulnerabilities

high Nessus Plugin ID 155601


The remote host has an web browser installed that is affected by multiple vulnerabilities.


The version of Microsoft Edge installed on the remote Windows host is prior to 93.0.961.38. It is, therefore, affected by multiple vulnerabilities as referenced in the September 2, 2021 advisory.

- Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36930. (CVE-2021-26436)

- Microsoft Edge for Android Information Disclosure Vulnerability (CVE-2021-26439)

- Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606)

- Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)

- Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)

- Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)

- Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)

- Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611)

- Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612)

- Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613)

- Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614)

- Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615)

- Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616)

- Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617)

- Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618)

- Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619)

- Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620)

- Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621)

- Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622)

- Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623)

- Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)

- Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26436. (CVE-2021-36930)

- Microsoft Edge for Android Spoofing Vulnerability (CVE-2021-38641)

- Microsoft Edge for iOS Spoofing Vulnerability (CVE-2021-38642)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Upgrade to Microsoft Edge version 93.0.961.38 or later.

See Also

Plugin Details

Severity: High

ID: 155601

File Name: microsoft_edge_chromium_93_0_961_38.nasl

Version: 1.4

Type: local

Agent: windows

Family: Windows

Published: 11/18/2021

Updated: 5/6/2022

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent

Risk Information


Risk Factor: High

Score: 7.4


Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-36930


Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2021-30624

Vulnerability Information

CPE: cpe:/a:microsoft:edge

Required KB Items: SMB/Registry/Enumerated, installed_sw/Microsoft Edge (Chromium)

Exploit Ease: No known exploits are available

Patch Publication Date: 9/2/2021

Vulnerability Publication Date: 8/31/2021

Reference Information

CVE: CVE-2021-26436, CVE-2021-26439, CVE-2021-30606, CVE-2021-30607, CVE-2021-30608, CVE-2021-30609, CVE-2021-30610, CVE-2021-30611, CVE-2021-30612, CVE-2021-30613, CVE-2021-30614, CVE-2021-30615, CVE-2021-30616, CVE-2021-30617, CVE-2021-30618, CVE-2021-30619, CVE-2021-30620, CVE-2021-30621, CVE-2021-30622, CVE-2021-30623, CVE-2021-30624, CVE-2021-36930, CVE-2021-38641, CVE-2021-38642

IAVA: 2021-A-0401-S, 2021-A-0432-S