The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.160 / 121.0.2277.83. It is, therefore, affected by multiple vulnerabilities as referenced in the January 26, 2024 advisory.

  - Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a     remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2024-0804)

  - Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote     attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)     (CVE-2024-0805)

  - Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to     potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)     (CVE-2024-0806)

  - Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)     (CVE-2024-0807)

  - Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to     potentially exploit heap corruption via a malicious file. (Chromium security severity: High)     (CVE-2024-0808)

  - Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker     to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2024-0809)

  - Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker     who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome     Extension. (Chromium security severity: Medium) (CVE-2024-0810)

  - Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker     who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome     Extension. (Chromium security severity: Low) (CVE-2024-0811)

  - Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote     attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity:
    High) (CVE-2024-0812)

  - Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a     user to install a malicious extension to potentially exploit heap corruption via specific UI interaction.
    (Chromium security severity: Medium) (CVE-2024-0813)

  - Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to     potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2024-0814)

  - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2024-21326, CVE-2024-21385,     CVE-2024-21388)

  - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2024-21336, CVE-2024-21383)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Microsoft Edge (Chromium) < 120.0.2210.160 / 121.0.2277.83 Multiple Vulnerabilities

critical Nessus Plugin ID 189605

Version 1.6