Detections
Analytics

Google Chrome < 146.0.7680.71 Multiple Vulnerabilities

high Nessus Plugin ID 301924

Language:

Synopsis

A web browser installed on the remote macOS host is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote macOS host is prior to 146.0.7680.71. It is, therefore, affected by multiple vulnerabilities as referenced in the 2026_03_stable-channel-update-for-desktop_10 advisory.

 - Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2026-3936)

 - Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2026-3913)

 - Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2026-3914)

 - Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) (CVE-2026-3915)

 - Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) (CVE-2026-3916)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Google Chrome version 146.0.7680.71 or later.

See Also

http://www.nessus.org/u?544cdba0

https://crbug.com/483445078

https://crbug.com/481776048

https://crbug.com/483971526

https://crbug.com/482828615

https://crbug.com/483569512

https://crbug.com/483853103

https://crbug.com/444176961

https://crbug.com/482875307

https://crbug.com/484946544

https://crbug.com/485397139

https://crbug.com/485935314

https://crbug.com/487338366

https://crbug.com/418214610

https://crbug.com/478659010

https://crbug.com/474948986

https://crbug.com/435980394

https://crbug.com/477180001

https://crbug.com/476898368

https://crbug.com/417599694

https://crbug.com/478296121

https://crbug.com/478783560

https://crbug.com/479326680

https://crbug.com/481920229

https://crbug.com/473118648

https://crbug.com/474763968

https://crbug.com/40058077

https://crbug.com/470574526

https://crbug.com/474670215

https://crbug.com/475238879

Plugin Details

Severity: High

ID: 301924

File Name: macosx_google_chrome_146_0_7680_71.nasl

Version: 1.3

Type: Local

Agent: macosx

Published: 3/12/2026

Updated: 3/18/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-3936

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2026-3932

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: installed_sw/Google Chrome

Exploit Ease: No known exploits are available

Patch Publication Date: 3/10/2026

Vulnerability Publication Date: 3/10/2026

Reference Information

CVE: CVE-2026-3913, CVE-2026-3914, CVE-2026-3915, CVE-2026-3916, CVE-2026-3917, CVE-2026-3918, CVE-2026-3919, CVE-2026-3920, CVE-2026-3921, CVE-2026-3922, CVE-2026-3923, CVE-2026-3924, CVE-2026-3925, CVE-2026-3926, CVE-2026-3927, CVE-2026-3928, CVE-2026-3929, CVE-2026-3930, CVE-2026-3931, CVE-2026-3932, CVE-2026-3934, CVE-2026-3935, CVE-2026-3936, CVE-2026-3937, CVE-2026-3938, CVE-2026-3939, CVE-2026-3940, CVE-2026-3941, CVE-2026-3942

IAVA: 2026-A-0240