Detections
Analytics
Skype Extension for Chrome < 10.2.0.9951 Information Disclosure
medium Nessus Plugin ID 161976
Language:
Synopsis
A browser extension installed on the remote host is affected by an information disclosure vulnerability.Description
The Skype Extension for Chrome installed on the remote host is a version prior to 10.2.0.9951. It is, therefore, affected by an information disclosure vulnerability. An unauthenticated, remote attacker can exploit this, to expose potentially sensitive information.Solution
Upgrade to Skype Extension for Chrome version 10.2.0.9951 or later.See Also
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24522
Plugin Details
Severity: Medium
ID: 161976
File Name: chrome_extension_skype_10_2_0_9951.nasl
Version: 1.2
Type: local
Agent: windows
Family: Windows
Published: 6/9/2022
Updated: 6/13/2022
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Low
Base Score: 2.6
Temporal Score: 1.9
Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N
CVSS Score Source: CVE-2022-24522
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:google:chrome, cpe:/a:microsoft:skype_extension
Required KB Items: installed_sw/Google Chrome, SMB/WindowsVersion
Exploit Ease: No known exploits are available
Patch Publication Date: 3/8/2022
Vulnerability Publication Date: 3/8/2022
Reference Information
CVE: CVE-2022-24522