Detections
Analytics
Google Chrome < 65.0.3325.146 Multiple Vulnerabilities
critical Nessus Plugin ID 275864
Synopsis
A web browser installed on the remote macOS host is affected by multiple vulnerabilities.Description
The version of Google Chrome installed on the remote macOS host is prior to 65.0.3325.146. It is, therefore, affected by multiple vulnerabilities as referenced in the 2018_03_stable-channel-update-for-desktop advisory.- An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. (CVE-2017-11225)
- An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. (CVE-2017-11215)
- Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2018-6060)
- A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2018-6061)
- Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (CVE-2018-6062)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Google Chrome version 65.0.3325.146 or later.See Also
Plugin Details
Severity: Critical
ID: 275864
File Name: macosx_google_chrome_65_0_3325_146.nasl
Version: 1.1
Type: local
Agent: macosx
Family: MacOS X Local Security Checks
Published: 11/20/2025
Updated: 11/20/2025
Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2017-11225
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 9.4
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:google:chrome
Required KB Items: installed_sw/Google Chrome
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/6/2018
Vulnerability Publication Date: 11/14/2017
CISA Known Exploited Vulnerability Due Dates: 6/22/2022
Reference Information
CVE: CVE-2017-11215, CVE-2017-11225, CVE-2018-6057, CVE-2018-6060, CVE-2018-6061, CVE-2018-6062, CVE-2018-6063, CVE-2018-6064, CVE-2018-6065, CVE-2018-6066, CVE-2018-6067, CVE-2018-6068, CVE-2018-6069, CVE-2018-6070, CVE-2018-6071, CVE-2018-6072, CVE-2018-6073, CVE-2018-6074, CVE-2018-6075, CVE-2018-6076, CVE-2018-6077, CVE-2018-6078, CVE-2018-6079, CVE-2018-6080, CVE-2018-6081, CVE-2018-6082, CVE-2018-6083
IAVA: 2017-A-0332-S, 2018-A-0070-S