Detections
Analytics
Microsoft Edge (Chromium) < 104.0.1293.47 Multiple Vulnerabilities
critical Nessus Plugin ID 163893
Language:
Synopsis
The remote host has an web browser installed that is affected by multiple vulnerabilities.Description
The version of Microsoft Edge installed on the remote Windows host is prior to 104.0.1293.47. It is, therefore, affected by multiple vulnerabilities as referenced in the August 5, 2022 advisory.- Use after free in Omnibox. (CVE-2022-2603)
- Use after free in Safe Browsing. (CVE-2022-2604)
- Out of bounds read in Dawn. (CVE-2022-2605)
- Use after free in Managed devices API. (CVE-2022-2606)
- Insufficient policy enforcement in Background Fetch. (CVE-2022-2610)
- Inappropriate implementation in Fullscreen API. (CVE-2022-2611)
- Side-channel information leakage in Keyboard input. (CVE-2022-2612)
- Use after free in Sign-In Flow. (CVE-2022-2614)
- Insufficient policy enforcement in Cookies. (CVE-2022-2615)
- Inappropriate implementation in Extensions API. (CVE-2022-2616)
- Use after free in Extensions API. (CVE-2022-2617)
- Insufficient validation of untrusted input in Internals. (CVE-2022-2618)
- Insufficient validation of untrusted input in Settings. (CVE-2022-2619)
- Use after free in Extensions. (CVE-2022-2621)
- Insufficient validation of untrusted input in Safe Browsing. (CVE-2022-2622)
- Use after free in Offline. (CVE-2022-2623)
- Heap buffer overflow in PDF. (CVE-2022-2624)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Microsoft Edge version 104.0.1293.47 or later.See Also
http://www.nessus.org/u?d822b1dc
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2603
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2604
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2605
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2606
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2610
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2611
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2612
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2614
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2615
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2616
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2617
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2618
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2619
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2621
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2622
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2623
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2624
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33636
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33649
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35796
Plugin Details
Severity: Critical
ID: 163893
File Name: microsoft_edge_chromium_104_0_1293_47.nasl
Version: 1.8
Type: local
Agent: windows
Family: Windows
Published: 8/6/2022
Updated: 2/5/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.1
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2022-33649
CVSS v3
Risk Factor: Critical
Base Score: 9.6
Temporal Score: 8.6
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:microsoft:edge
Required KB Items: SMB/Registry/Enumerated, installed_sw/Microsoft Edge (Chromium)
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 8/5/2022
Vulnerability Publication Date: 8/2/2022
Reference Information
CVE: CVE-2022-2603, CVE-2022-2604, CVE-2022-2605, CVE-2022-2606, CVE-2022-2610, CVE-2022-2611, CVE-2022-2612, CVE-2022-2614, CVE-2022-2615, CVE-2022-2616, CVE-2022-2617, CVE-2022-2618, CVE-2022-2619, CVE-2022-2621, CVE-2022-2622, CVE-2022-2623, CVE-2022-2624, CVE-2022-33636, CVE-2022-33649, CVE-2022-35796