Heap buffer overflow in ANGLE. Reported by Google Big Sleep on 2025-08-12.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Heap buffer overflow in ANGLE. Reported by Google Big Sleep on 2025-08-12. (CVE-2025-10502)

Note that Nessus relies on the presence of the package as reported by the vendor.

The version of Microsoft Edge installed on the remote Windows host is prior to 140.0.3485.81. It is, therefore, affected by multiple vulnerabilities as referenced in the September 19, 2025 advisory.

  - Type Confusion in V8. Reported by Google Threat Analysis Group on 2025-09-16. (CVE-2025-10585)

  - Use after free in Dawn. Reported by Giunash (Gyujeong Jin) on 2025-08-03. (CVE-2025-10500)

  - Use after free in WebRTC. Reported by sherkito on 2025-08-23. (CVE-2025-10501)

  - Heap buffer overflow in ANGLE. Reported by Google Big Sleep on 2025-08-12. (CVE-2025-10502)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6004 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-6004-1                   security@debian.org     https://www.debian.org/security/                           Andres Salomon     September 19, 2025                    https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : chromium     CVE ID         : CVE-2025-10500 CVE-2025-10501 CVE-2025-10502 CVE-2025-10585

    Security issues were discovered in Chromium which could result     in the execution of arbitrary code, denial of service, or information     disclosure. Google is aware that an exploit for CVE-2025-10585 exists     in the wild.

    For the oldstable distribution (bookworm), these problems have been fixed     in version 140.0.7339.185-1~deb12u1.

    For the stable distribution (trixie), these problems have been fixed in     version 140.0.7339.185-1~deb13u1.

    We recommend that you upgrade your chromium packages.

    For the detailed security status of chromium please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/chromium

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote Windows host is prior to 140.0.7339.185. It is, therefore, affected by multiple vulnerabilities as referenced in the 2025_09_stable-channel-update-for-desktop_17 advisory.

  - Use after free in WebRTC. Reported by sherkito on 2025-08-23. (CVE-2025-10501)

  - Type Confusion in V8. Reported by Google Threat Analysis Group on 2025-09-16. (CVE-2025-10585)

  - Use after free in Dawn. Reported by Giunash (Gyujeong Jin) on 2025-08-03. (CVE-2025-10500)

  - Heap buffer overflow in ANGLE. Reported by Google Big Sleep on 2025-08-12. (CVE-2025-10502)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
265564	Linux Distros Unpatched Vulnerability : CVE-2025-10502	Nessus	Misc.	critical
265451	Microsoft Edge (Chromium) < 140.0.3485.81 Multiple Vulnerabilities	Nessus	Windows	critical
265428	Debian dsa-6004 : chromium - security update	Nessus	Debian Local Security Checks	critical
265355	Google Chrome < 140.0.7339.185 Multiple Vulnerabilities	Nessus	Windows	critical

Detections

Analytics

CVE-2025-10502

critical

Tenable Plugins

critical

critical

critical

critical