The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5479 advisory.

  - Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who     had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
    (Chromium security severity: High) (CVE-2023-2312)

  - Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote     attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:
    High) (CVE-2023-4349)

  - Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a     remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
    (Chromium security severity: High) (CVE-2023-4350)

  - Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has     elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium     security severity: High) (CVE-2023-4351)

  - Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4352)

  - Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)     (CVE-2023-4353)

  - Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had     compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium     security severity: High) (CVE-2023-4354)

  - Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)     (CVE-2023-4355)

  - Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has     convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted     HTML page. (Chromium security severity: Medium) (CVE-2023-4356)

  - Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote     attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2023-4357)

  - Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4358)

  - Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a     remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium     security severity: Medium) (CVE-2023-4359)

  - Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to     obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4360)

  - Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a     remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity:
    Medium) (CVE-2023-4361)

  - Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who     had compromised the renderer process and gained control of a WebUI process to potentially exploit heap     corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4362)

  - Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a     remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security     severity: Medium) (CVE-2023-4363)

  - Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a     remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2023-4364)

  - Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote     attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2023-4365)

  - Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a     user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
    (Chromium security severity: Medium) (CVE-2023-4366)

  - Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an     attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a     crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4367, CVE-2023-4368)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian DSA-5479-1 : chromium - security update

high Nessus Plugin ID 179974

Version 1.2

Version 1.1

Version 1.0

Version 1.2 Sep 18, 2023, 4:18 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202309181618
Version 1.1 Aug 25, 2023, 4:05 PM CVSS metrics ("CVSSv3 score" changed from 9.8 to 8.8. "CVSSv3 vector" changed from "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" to "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H") CVSSv2 score source (changed from "CVE-2023-4366" to "CVE-2023-4368") CVSSv3 score source (set to "CVE-2023-4368") Plugin Feed: 202308251605
Version 1.0 Aug 18, 2023, 6:11 PM New Plugin Feed: 202308181811