The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 5f7ed6ea-70a7-11ed-92ce-3065ec8fd3ec advisory.

  - Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4174)

  - Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)     (CVE-2022-4175)

  - Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71     allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially     exploit heap corruption via UI interactions. (Chromium security severity: High) (CVE-2022-4176)

  - Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a     user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI     interaction. (Chromium security severity: High) (CVE-2022-4177)

  - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had     compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium     security severity: High) (CVE-2022-4178)

  - Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user     to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
    (Chromium security severity: High) (CVE-2022-4179)

  - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to     install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
    (Chromium security severity: High) (CVE-2022-4180)

  - Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4181)

  - Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote     attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2022-4182)

  - Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote     attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2022-4183)

  - Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote     attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2022-4184)

  - Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote     attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity:
    Medium) (CVE-2022-4185)

  - Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an     attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a     crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4186)

  - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a     remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity:
    Medium) (CVE-2022-4187)

  - Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71     allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security     severity: Medium) (CVE-2022-4188)

  - Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker     who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted     Chrome Extension. (Chromium security severity: Medium) (CVE-2022-4189)

  - Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote     attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2022-4190)

  - Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced     a user to engage in specific UI interaction to potentially exploit heap corruption via profile     destruction. (Chromium security severity: Medium) (CVE-2022-4191)

  - Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who     convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI     interaction. (Chromium security severity: Medium) (CVE-2022-4192)

  - Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a     remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity:
    Medium) (CVE-2022-4193)

  - Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2022-4194)

  - Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote     attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium)     (CVE-2022-4195)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

FreeBSD : chromium -- multiple vulnerabilities (5f7ed6ea-70a7-11ed-92ce-3065ec8fd3ec)

high Nessus Plugin ID 168310

Version 1.6

Version 1.5

Version 1.3

Version 1.2

Version 1.6 Jan 6, 2023, 4:14 PM CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") CVSS temporal metrics ("CVSSv2 temporal score" set to "7.8") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal score" set to "7.9") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202301061614
Version 1.5 Dec 8, 2022, 4:04 PM IAVM reference Plugin Feed: 202212081604
Version 1.3 Dec 2, 2022, 4:16 PM CVSS metrics ("CVSSv3 score" changed from "9.8" to "8.8") CVSS metrics ("CVSSv3 vector" changed from "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" to "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H") CVSSv3 score source (set to "CVE-2022-4194") Plugin Feed: 202212021616
Version 1.2 Nov 30, 2022, 5:53 PM New Plugin Feed: 202211301753