Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

The version of Microsoft Edge (Chromium) installed on the remote Windows host is prior to 109.0.1518.100. It is, therefore, affected by a type confusion vulnerability in V8 as referenced in the April 24, 2023 advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202309-17 (Chromium, Google Chrome, Microsoft Edge:
Multiple Vulnerabilities)

  - Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0696)

  - Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77     allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium     security severity: High) (CVE-2023-0697)

  - Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform     an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0698)

  - Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium)     (CVE-2023-0699)

  - Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker     to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security     severity: Medium) (CVE-2023-0700)

  - Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who     convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI     interaction . (Chromium security severity: Medium) (CVE-2023-0701)

  - Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who     convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a     crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0702)

  - Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced     a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions.
    (Chromium security severity: Medium) (CVE-2023-0703)

  - Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote     attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security     severity: Low) (CVE-2023-0704)

  - Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a     race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security     severity: Low) (CVE-2023-0705)

  - Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote     attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted     HTML page. (Chromium security severity: High) (CVE-2023-0927)

  - Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)     (CVE-2023-0928)

  - Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0929)

  - Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)     (CVE-2023-0930)

  - Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0931)

  - Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who     convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a     crafted HTML page. (Chromium security severity: High) (CVE-2023-0932)

  - Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially     exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) (CVE-2023-0933)

  - Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)     (CVE-2023-0941)

  - Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had     compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium     security severity: High) (CVE-2023-1528)

  - Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker     to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)     (CVE-2023-1529)

  - Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1530)

  - Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1531)

  - Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)     (CVE-2023-1532)

  - Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)     (CVE-2023-1533)

  - Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had     compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium     security severity: High) (CVE-2023-1534)

  - Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had     compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium     security severity: High) (CVE-2023-1810)

  - Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a     user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page.
    (Chromium security severity: High) (CVE-2023-1811)

  - Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote     attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity:
    Medium) (CVE-2023-1812)

  - Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who     convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML     page. (Chromium security severity: Medium) (CVE-2023-1813)

  - Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49     allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security     severity: Medium) (CVE-2023-1814)

  - Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who     convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted     HTML page. (Chromium security severity: Medium) (CVE-2023-1815)

  - Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote     attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity:
    Medium) (CVE-2023-1816)

  - Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a     remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity:
    Medium) (CVE-2023-1817)

  - Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-1818)

  - Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to     perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2023-1819)

  - Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker     who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a     crafted HTML page. (Chromium security severity: Medium) (CVE-2023-1820)

  - Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker     to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security     severity: Low) (CVE-2023-1821)

  - Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to     perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-1822)

  - Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to     bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-1823)

  - Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2033)

  - Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a     remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security     severity: High) (CVE-2023-2133, CVE-2023-2134)

  - Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who     convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted     HTML page. (Chromium security severity: High) (CVE-2023-2135)

  - Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had     compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    (Chromium security severity: High) (CVE-2023-2136)

  - Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2023-2137)

  - Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker     to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2023-2459)

  - Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed     an attacker who convinced a user to install a malicious extension to bypass file access checks via a     crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2460)

  - Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker     who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via     crafted UI interaction. (Chromium security severity: Medium) (CVE-2023-2461)

  - Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker     to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2023-2462)

  - Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63     allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium     security severity: Medium) (CVE-2023-2463)

  - Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an     attacker who convinced a user to install a malicious extension to perform an origin spoof in the security     UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2464)

  - Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to     leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2465)

  - Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker     to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)     (CVE-2023-2466)

  - Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a     remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity:
    Low) (CVE-2023-2467)

  - Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote     attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page.
    (Chromium security severity: Low) (CVE-2023-2468)

  - Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)     (CVE-2023-2721)

  - Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote     attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:
    High) (CVE-2023-2722)

  - Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had     compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium     security severity: High) (CVE-2023-2723)

  - Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2724)

  - Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a     user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
    (Chromium security severity: High) (CVE-2023-2725)

  - Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an     attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML     page. (Chromium security severity: Medium) (CVE-2023-2726)

  - Microsoft Edge (Chromium-based) Tampering Vulnerability (CVE-2023-21720)

  - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2023-21794, CVE-2023-29334)

  - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2023-23374)

  - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-28261, CVE-2023-29350)

  - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2023-28286, CVE-2023-29354)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0114-1 advisory.

  - Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)     (CVE-2023-1213)

  - Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1214)

  - Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1215)

  - Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had     convienced the user to engage in direct UI interaction to potentially exploit heap corruption via a     crafted HTML page. (Chromium security severity: High) (CVE-2023-1216)

  - Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a     remote attacker who had compromised the renderer process to obtain potentially sensitive information from     process memory via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1217)

  - Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1218)

  - Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had     compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium     security severity: High) (CVE-2023-1219)

  - Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had     compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium     security severity: High) (CVE-2023-1220)

  - Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an     attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a     crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-1221)

  - Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2023-1222)

  - Insufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a     remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2023-1223)

  - Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a     remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity:
    Medium) (CVE-2023-1224)

  - Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 111.0.5563.64 allowed a     remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2023-1225)

  - Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a     remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity:
    Medium) (CVE-2023-1226)

  - Use after free in Core in Google Chrome on Lacros prior to 111.0.5563.64 allowed a remote attacker who     convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted     UI interaction. (Chromium security severity: Medium) (CVE-2023-1227)

  - Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a     remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity:
    Medium) (CVE-2023-1228)

  - Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a     remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity:
    Medium) (CVE-2023-1229)

  - Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed     an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer     via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-1230)

  - Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a     remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. (Chromium     security severity: Medium) (CVE-2023-1231)

  - Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a     remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium     security severity: Low) (CVE-2023-1232)

  - Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an     attacker who convinced a user to install a malicious extension to obtain potentially sensitive information     from API via a crafted Chrome Extension. (Chromium security severity: Low) (CVE-2023-1233)

  - Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a     remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)     (CVE-2023-1234)

  - Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had     compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction.
    (Chromium security severity: Low) (CVE-2023-1235)

  - Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote     attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low)     (CVE-2023-1236)

  - Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had     compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium     security severity: High) (CVE-2023-1528)

  - Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker     to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)     (CVE-2023-1529)

  - Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1530)

  - Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1531)

  - Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)     (CVE-2023-1532)

  - Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)     (CVE-2023-1533)

  - Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had     compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium     security severity: High) (CVE-2023-1534)

  - Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2033)

  - Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a     remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security     severity: High) (CVE-2023-2133, CVE-2023-2134)

  - Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who     convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted     HTML page. (Chromium security severity: High) (CVE-2023-2135)

  - Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had     compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    (Chromium security severity: High) (CVE-2023-2136)

  - Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2023-2137)

  - Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)     (CVE-2023-2721)

  - Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote     attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:
    High) (CVE-2023-2722)

  - Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had     compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium     security severity: High) (CVE-2023-2723)

  - Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2724)

  - Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a     user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
    (Chromium security severity: High) (CVE-2023-2725)

  - Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an     attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML     page. (Chromium security severity: Medium) (CVE-2023-2726)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-911c060ded advisory.

    update to 112.0.5615.165. Fixes the following security issues:

    CVE-2023-2004 CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137 CVE-2023-2033     CVE-2023-2136

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-2b6ba1c253 advisory.

    update to 112.0.5615.165. Fixes the following security issues:

    CVE-2023-2004 CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137 CVE-2023-2033     CVE-2023-2136

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-fa739b5753 advisory.

    update to 112.0.5615.165. Fixes the following security issues:

    CVE-2023-2004 CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137 CVE-2023-2033     CVE-2023-2136

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-c1741c9724 advisory.

    update to 112.0.5615.121. Fixes the following security issues:

    CVE-2023-2004 CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137 CVE-2023-2033



Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-8cc9731416 advisory.

    update to 112.0.5615.121. Fixes the following security issues:

    CVE-2023-2004 CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137 CVE-2023-2033



Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Microsoft Edge installed on the remote Windows host is prior to 112.0.1722.48. It is, therefore, affected by a vulnerability as referenced in the April 15, 2023 advisory.

  - Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2033)

  - A spoofing vulnerability could allow an attacker to bypass the Edge security warning message feature.
    (CVE-2023-29334)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-df075a7f85 advisory.

    update to 112.0.5615.121. Fixes the following security issues:

    CVE-2023-2004 CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137 CVE-2023-2033



Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0092-1 advisory.

  - Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had     compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium     security severity: High) (CVE-2023-1810)

  - Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a     user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page.
    (Chromium security severity: High) (CVE-2023-1811)

  - Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote     attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity:
    Medium) (CVE-2023-1812)

  - Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who     convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML     page. (Chromium security severity: Medium) (CVE-2023-1813)

  - Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49     allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security     severity: Medium) (CVE-2023-1814)

  - Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who     convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted     HTML page. (Chromium security severity: Medium) (CVE-2023-1815)

  - Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote     attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity:
    Medium) (CVE-2023-1816)

  - Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a     remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity:
    Medium) (CVE-2023-1817)

  - Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-1818)

  - Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to     perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2023-1819)

  - Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker     who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a     crafted HTML page. (Chromium security severity: Medium) (CVE-2023-1820)

  - Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker     to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security     severity: Low) (CVE-2023-1821)

  - Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to     perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-1822)

  - Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to     bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-1823)

  - Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2033)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5390 advisory.

  - Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2033)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6f0327d4-9902-4042-9b68-6fc2266944bc advisory.

  - Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2033)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 112.0.5615.121. It is, therefore, affected by a vulnerability as referenced in the 2023_04_stable-channel-update-for-desktop_14 advisory.

  - Type Confusion in V8. (CVE-2023-2033)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote Windows host is prior to 112.0.5615.121. It is, therefore, affected by a vulnerability as referenced in the 2023_04_stable-channel-update-for-desktop_14 advisory.

  - Type Confusion in V8. (CVE-2023-2033)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
195173	Microsoft Edge (Chromium) < 109.0.1518.100 (CVE-2023-2033)	Nessus	Windows	high
182402	GLSA-202309-17 : Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	critical
176441	openSUSE 15 Security Update : opera (openSUSE-SU-2023:0114-1)	Nessus	SuSE Local Security Checks	critical
174978	Fedora 38 : chromium (2023-911c060ded)	Nessus	Fedora Local Security Checks	critical
174813	Fedora 37 : chromium (2023-2b6ba1c253)	Nessus	Fedora Local Security Checks	critical
174765	Fedora 36 : chromium (2023-fa739b5753)	Nessus	Fedora Local Security Checks	critical
174600	Fedora 36 : chromium (2023-c1741c9724)	Nessus	Fedora Local Security Checks	critical
174598	Fedora 37 : chromium (2023-8cc9731416)	Nessus	Fedora Local Security Checks	critical
174524	Microsoft Edge (Chromium) < 112.0.1722.48	Nessus	Windows	high
174507	Fedora 38 : chromium (2023-df075a7f85)	Nessus	Fedora Local Security Checks	critical
174494	openSUSE 15 Security Update : chromium (openSUSE-SU-2023:0092-1)	Nessus	SuSE Local Security Checks	high
174397	Debian DSA-5390-1 : chromium - security update	Nessus	Debian Local Security Checks	high
174390	FreeBSD : chromium -- multiple vulnerabilities (6f0327d4-9902-4042-9b68-6fc2266944bc)	Nessus	FreeBSD Local Security Checks	high
174333	Google Chrome < 112.0.5615.121 Vulnerability	Nessus	MacOS X Local Security Checks	high
174332	Google Chrome < 112.0.5615.121 Vulnerability	Nessus	Windows	high

Detections

Analytics

CVE-2023-2033

high

Tenable Plugins

high

critical

critical

critical

critical

critical

critical

critical

high

critical

high

high

high

high

high