The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5223 advisory.

  - Use after free in Network Service. (CVE-2022-3038)

  - Use after free in WebSQL. (CVE-2022-3039, CVE-2022-3041)

  - Use after free in Layout. (CVE-2022-3040)

  - Use after free in PhoneHub. (CVE-2022-3042)

  - Heap buffer overflow in Screen Capture. (CVE-2022-3043)

  - Inappropriate implementation in Site Isolation. (CVE-2022-3044)

  - Insufficient validation of untrusted input in V8. (CVE-2022-3045)

  - Use after free in Browser Tag. (CVE-2022-3046)

  - Insufficient policy enforcement in Extensions API. (CVE-2022-3047)

  - Inappropriate implementation in Chrome OS lockscreen. (CVE-2022-3048)

  - Use after free in SplitScreen. (CVE-2022-3049)

  - Heap buffer overflow in WebUI. (CVE-2022-3050)

  - Heap buffer overflow in Exosphere. (CVE-2022-3051)

  - Heap buffer overflow in Window Manager. (CVE-2022-3052)

  - Inappropriate implementation in Pointer Lock. (CVE-2022-3053)

  - Insufficient policy enforcement in DevTools. (CVE-2022-3054)

  - Use after free in Passwords. (CVE-2022-3055)

  - Insufficient policy enforcement in Content Security Policy. (CVE-2022-3056)

  - Inappropriate implementation in iframe Sandbox. (CVE-2022-3057)

  - Use after free in Sign-In Flow. (CVE-2022-3058)

  - Use after free in Tab Strip. (CVE-2022-3071)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian DSA-5223-1 : chromium - security update

high Nessus Plugin ID 164648

Version 1.6

Version 1.5

Version 1.4

Version 1.3

Version 1.6 Mar 30, 2023, 10:08 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") CISA reference Plugin Feed: 202303302208
Version 1.5 Mar 23, 2023, 8:46 PM Plugin requirements Plugin Feed: 202303232046
Version 1.4 Oct 4, 2022, 1:49 PM Exploit attributes CVSS temporal metrics Plugin Feed: 202210041349
Version 1.3 Sep 29, 2022, 9:52 PM CVSS metrics CVE (Changed from None to CVE-2022-3071) Plugin Feed: 202209292152