The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5955 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5955-1                   security@debian.org     https://www.debian.org/security/                           Andres Salomon     July 02, 2025                         https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : chromium     CVE ID         : CVE-2025-6554

    Security issues were discovered in Chromium which could result     in the execution of arbitrary code, denial of service, or information     disclosure. Google is aware that an exploit for CVE-2025-6554 exists     in the wild.

    For the stable distribution (bookworm), this problem has been fixed in     version 138.0.7204.92-1~deb12u1.

    We recommend that you upgrade your chromium packages.

    For the detailed security status of chromium please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/chromium

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dsa-5955 : chromium - security update

high Nessus Plugin ID 241161

Version 1.3

Version 1.2

Version 1.3 Jul 5, 2025, 5:28 PM New Plugin Feed: 202507051728
Version 1.2 Jul 3, 2025, 7:10 AM CISA reference CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") New Plugin Feed: 202507030710