The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 07ee8c14-68f1-11ee-8290-a8a1599412c6 advisory.

  - Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)     (CVE-2023-5218)

  - Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had     compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium     security severity: Low) (CVE-2023-5473)

  - Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who     convinced a user to engage in specific user interactions to potentially exploit heap corruption via a     crafted PDF file. (Chromium security severity: Medium) (CVE-2023-5474)

  - Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who     convinced a user to install a malicious extension to bypass discretionary access control via a crafted     Chrome Extension. (Chromium security severity: Medium) (CVE-2023-5475)

  - Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2023-5476)

  - Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker     to bypass discretionary access control via a crafted command. (Chromium security severity: Low)     (CVE-2023-5477)

  - Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker     to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5478)

  - Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker     who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML     page. (Chromium security severity: Medium) (CVE-2023-5479)

  - Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote     attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2023-5481)

  - Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker     to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2023-5483)

  - Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote     attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2023-5484)

  - Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker     to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5485)

  - Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to     spoof security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5486)

  - Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who     convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome     Extension. (Chromium security severity: Medium) (CVE-2023-5487)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

FreeBSD : chromium -- multiple vulnerabilities (07ee8c14-68f1-11ee-8290-a8a1599412c6)

high Nessus Plugin ID 182960

Version 1.2