Detections
Analytics

Google Chrome < 149.0.7827.196 Multiple Vulnerabilities

critical Nessus Plugin ID 322502

Synopsis

A web browser installed on the remote macOS host is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote macOS host is prior to 149.0.7827.196. It is, therefore, affected by multiple vulnerabilities as referenced in the 2026_06_stable-channel-update-for-desktop_0482630350 advisory.

 - Use after free in Autofill. (CVE-2026-13038)

 - Use after free in WebGL. (CVE-2026-13028, CVE-2026-13032)

 - Out of bounds read in Blink>InterestGroups. (CVE-2026-13033)

 - Inappropriate implementation in DeviceBoundSessionCredentials. (CVE-2026-13021)

 - Inappropriate implementation in Autofill. (CVE-2026-13022)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Google Chrome version 149.0.7827.196 or later.

See Also

https://crbug.com/511776603

https://crbug.com/516734537

https://crbug.com/517080836

https://crbug.com/517148260

https://crbug.com/518043569

https://crbug.com/519728279

https://crbug.com/520543781

https://crbug.com/520656244

https://crbug.com/521495992

https://crbug.com/522840723

https://crbug.com/523308824

https://crbug.com/523591974

https://crbug.com/523677844

https://crbug.com/523699355

https://crbug.com/523704570

https://crbug.com/523711130

https://crbug.com/523721871

https://crbug.com/523740781

http://www.nessus.org/u?824101e7

Plugin Details

Severity: Critical

ID: 322502

File Name: macosx_google_chrome_149_0_7827_196.nasl

Version: 1.1

Type: Local

Agent: macosx

Published: 6/24/2026

Updated: 6/24/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-13038

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: installed_sw/Google Chrome

Exploit Ease: No known exploits are available

Patch Publication Date: 6/23/2026

Vulnerability Publication Date: 6/23/2026

Reference Information

CVE: CVE-2026-13021, CVE-2026-13022, CVE-2026-13023, CVE-2026-13024, CVE-2026-13025, CVE-2026-13026, CVE-2026-13027, CVE-2026-13028, CVE-2026-13029, CVE-2026-13030, CVE-2026-13031, CVE-2026-13032, CVE-2026-13033, CVE-2026-13034, CVE-2026-13035, CVE-2026-13036, CVE-2026-13037, CVE-2026-13038