www.tenable.com Open in urlscan Pro
2606:4700::6810:3105  Public Scan

URL: https://www.tenable.com/plugins/nessus/208710
Submission: On November 13 via api from IN — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

 * 
 * Plugins

 * Settings
   
   LINKS
   
   Tenable Cloud Tenable Community & Support Tenable University
   
   Severity
   VPRCVSS v2CVSS v3CVSS v4
   
   Theme
   LightDarkAuto
   
   Help


 * 
 * Plugins
   OverviewPlugins PipelineNewestUpdatedSearchNessus FamiliesWAS FamiliesNNM
   FamiliesLCE FamiliesTenable OT Security FamiliesAbout Plugin FamiliesRelease
   Notes
 * Audits
   OverviewNewestUpdatedSearch Audit FilesSearch
   ItemsReferencesAuthoritiesDocumentationDownload All Audit Files
 * Indicators
   OverviewSearchIndicators of AttackIndicators of Exposure
 * CVEs
   OverviewNewestUpdatedSearch
 * Attack Path Techniques
   OverviewSearch
    * Links
      Tenable CloudTenable Community & SupportTenable University
    * Settings
      Severity
      VPRCVSS v2CVSS v3CVSS v4
      Theme
      LightDarkAuto

DETECTIONS

 * Plugins
   OverviewPlugins PipelineRelease NotesNewestUpdatedSearchNessus FamiliesWAS
   FamiliesNNM FamiliesLCE FamiliesTenable OT Security FamiliesAbout Plugin
   Families
 * Audits
   OverviewNewestUpdatedSearch Audit FilesSearch
   ItemsReferencesAuthoritiesDocumentationDownload All Audit Files
 * Indicators
   OverviewSearchIndicators of AttackIndicators of Exposure

ANALYTICS

 * CVEs
   OverviewNewestUpdatedSearch
 * Attack Path Techniques
   OverviewSearch

 1. Plugins
 2. Nessus
 3. 208710

 1. Nessus


MICROSOFT EDGE (CHROMIUM) < 129.0.2792.89 MULTIPLE VULNERABILITIES

HIGH NESSUS PLUGIN ID 208710

Language:

English
日本語简体中文繁體中文English
 * Information
 * Dependencies
 * Dependents
 * Changelog

SYNOPSIS

The remote host has an web browser installed that is affected by multiple
vulnerabilities.


DESCRIPTION

The version of Microsoft Edge installed on the remote Windows host is prior to
129.0.2792.89. It is, therefore, affected by multiple vulnerabilities as
referenced in the October 10, 2024 advisory.

- Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote
attacker to perform an out of bounds memory write via a crafted HTML page.
(Chromium security severity: High) (CVE-2024-9602)

- Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote
attacker to potentially exploit heap corruption via a crafted HTML page.
(Chromium security severity: High) (CVE-2024-9603)

Note that Nessus has not tested for these issues but has instead relied only on
the application's self-reported version number.


SOLUTION

Upgrade to Microsoft Edge version 129.0.2792.89 or later.


SEE ALSO

http://www.nessus.org/u?e8753453

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-9602

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-9603

PLUGIN DETAILS

Severity: High

ID: 208710

File Name: microsoft_edge_chromium_129_0_2792_89.nasl

Version: 1.1

Type: local

Agent: windows

Family: Windows

Published: 10/10/2024

Updated: 10/10/2024





Supported Sensors: Nessus Agent, Nessus



RISK INFORMATION



VPR

Risk Factor: Medium

Score: 6.7

CVSS V2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P



CVSS Score Source: CVE-2024-9603

CVSS V3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C



VULNERABILITY INFORMATION

CPE: cpe:/a:microsoft:edge

Required KB Items: SMB/Registry/Enumerated, installed_sw/Microsoft Edge
(Chromium)



Exploit Ease: No known exploits are available



Patch Publication Date: 10/10/2024

Vulnerability Publication Date: 10/8/2024



REFERENCE INFORMATION

CVE: CVE-2024-9602, CVE-2024-9603


 * Tenable.com
 * Community & Support
 * Documentation
 * Education

 * © 2024 Tenable®, Inc. All Rights Reserved
 * Privacy Policy
 * Legal
 * 508 Compliance