The version of Microsoft Edge installed on the remote Windows host is prior to 117.0.2045.31. It is, therefore, affected by multiple vulnerabilities as referenced in the September 15, 2023 advisory.

  - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36562, CVE-2023-36735)

  - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2023-36727)

  - Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform     an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)     (CVE-2023-4863)

  - Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a     remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity:
    Medium) (CVE-2023-4900)

  - Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker     to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2023-4901)

  - Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to     spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4902)

  - Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62     allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity:
    Medium) (CVE-2023-4903)

  - Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote     attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity:
    Medium) (CVE-2023-4904)

  - Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker     to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4905)

  - Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote     attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)     (CVE-2023-4906)

  - Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a     remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)     (CVE-2023-4907)

  - Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a     remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)     (CVE-2023-4908)

  - Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote     attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)     (CVE-2023-4909)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Microsoft Edge (Chromium) < 117.0.2045.31 Multiple Vulnerabilities

high Nessus Plugin ID 181483

Version 1.6