Detections
Analytics
Google Chrome < 69.0.3497.92 Vulnerability
high Nessus Plugin ID 117429
Language:
Synopsis
A web browser installed on the remote Windows host is affected by a vulnerabilityDescription
The version of Google Chrome installed on the remote host is prior to 69.0.3497.92. It is, therefore, affected by multiple vulnerabilities as referenced in the Google Chrome stable channel update release notes for 2018/09/11.- An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page (CVE-2018-17458).
- Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page (CVE-2018-17459).
Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Google Chrome version 69.0.3497.92 or later.See Also
Plugin Details
Severity: High
ID: 117429
File Name: google_chrome_69_0_3497_92.nasl
Version: 1.4
Type: local
Agent: windows
Family: Windows
Published: 9/12/2018
Updated: 8/8/2024
Configuration: Enable thorough checks
Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2018-17458
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:google:chrome
Required KB Items: SMB/Google_Chrome/Installed
Exploit Ease: No known exploits are available
Patch Publication Date: 9/11/2018
Vulnerability Publication Date: 9/11/2018
Reference Information
CVE: CVE-2018-17458, CVE-2018-17459