Detections
Analytics

Google Chrome < 147.0.7727.101 Multiple Vulnerabilities

critical Nessus Plugin ID 306600

Synopsis

A web browser installed on the remote macOS host is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote macOS host is prior to 147.0.7727.101. It is, therefore, affected by multiple vulnerabilities as referenced in the 2026_04_stable-channel-update-for-desktop_15 advisory.

 - Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: High) (CVE-2026-6362)

 - Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) (CVE-2026-6296)

 - Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) (CVE-2026-6297)

 - Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical) (CVE-2026-6298)

 - Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) (CVE-2026-6299)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Google Chrome version 147.0.7727.101 or later.

See Also

http://www.nessus.org/u?848aca76

https://crbug.com/490170083

https://crbug.com/493628982

https://crbug.com/495700484

https://crbug.com/497053588

https://crbug.com/497724498

https://crbug.com/490251701

https://crbug.com/491994185

https://crbug.com/495273999

https://crbug.com/495477995

https://crbug.com/496282147

https://crbug.com/496393742

https://crbug.com/496618639

https://crbug.com/496907110

https://crbug.com/497404188

https://crbug.com/497412658

https://crbug.com/497846428

https://crbug.com/497880137

https://crbug.com/497969820

https://crbug.com/498201025

https://crbug.com/498269651

https://crbug.com/498765210

https://crbug.com/498782145

https://crbug.com/499247910

https://crbug.com/499384399

https://crbug.com/500036290

https://crbug.com/500066234

https://crbug.com/500091052

https://crbug.com/495751197

https://crbug.com/495996858

https://crbug.com/499018889

https://crbug.com/502103414

Plugin Details

Severity: Critical

ID: 306600

File Name: macosx_google_chrome_147_0_7727_101.nasl

Version: 1.1

Type: Local

Agent: macosx

Published: 4/16/2026

Updated: 4/16/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-6362

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 8.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2026-6296

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: installed_sw/Google Chrome

Exploit Ease: No known exploits are available

Patch Publication Date: 4/15/2026

Vulnerability Publication Date: 4/15/2026

Reference Information

CVE: CVE-2026-6296, CVE-2026-6297, CVE-2026-6298, CVE-2026-6299, CVE-2026-6300, CVE-2026-6301, CVE-2026-6302, CVE-2026-6303, CVE-2026-6304, CVE-2026-6305, CVE-2026-6306, CVE-2026-6307, CVE-2026-6308, CVE-2026-6309, CVE-2026-6310, CVE-2026-6311, CVE-2026-6312, CVE-2026-6313, CVE-2026-6314, CVE-2026-6315, CVE-2026-6316, CVE-2026-6317, CVE-2026-6318, CVE-2026-6319, CVE-2026-6358, CVE-2026-6359, CVE-2026-6360, CVE-2026-6361, CVE-2026-6362, CVE-2026-6363, CVE-2026-6364