The version of Google Chrome installed on the remote Windows host is prior to 71.0.3578.80. It is, therefore, affected by multiple vulnerabilities as referenced in the 2018_12_stable-channel-update-for-desktop advisory.

  - Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8     in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a     sandbox via a crafted HTML page. (CVE-2018-17480)

  - Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote     attacker to potentially exploit heap corruption via a crafted PDF file. (CVE-2018-17481)

  - Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (CVE-2018-18335)

  - Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to     potentially exploit heap corruption via a crafted PDF file. (CVE-2018-18336)

  - Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to     71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    (CVE-2018-18337)

  - Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote     attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2018-18338)

  - Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (CVE-2018-18339)

  - Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote     attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2018-18340)

  - An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80     allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2018-18341)

  - Execution of user supplied Javascript during object deserialization can update object length leading to an     out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute     arbitrary code inside a sandbox via a crafted HTML page. (CVE-2018-18342)

  - Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80     allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2018-18343)

  - Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google     Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access     files on the local file system via a crafted Chrome Extension. (CVE-2018-18344)

  - Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote     attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML     page. (CVE-2018-18345)

  - Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote     attacker to present confusing browser UI via a crafted HTML page. (CVE-2018-18346)

  - Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to     71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin     via a crafted HTML page. (CVE-2018-18347)

  - Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to     71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain     name. (CVE-2018-18348)

  - Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to     71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on     the local file system via a crafted Chrome Extension. (CVE-2018-18349)

  - Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80     allowed a remote attacker to bypass content security policy via a crafted HTML page. (CVE-2018-18350)

  - Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome     prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.
    (CVE-2018-18351)

  - Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to     71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML     page. (CVE-2018-18352)

  - Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android     prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via     a crafted HTML page. (CVE-2018-18353)

  - Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to     71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.
    (CVE-2018-18354)

  - Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80     allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
    (CVE-2018-18355, CVE-2018-18357, CVE-2018-20070)

  - An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to     71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    (CVE-2018-18356)

  - Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an     attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.
    (CVE-2018-18358)

  - Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote     attacker to perform an out of bounds memory read via a crafted HTML page. (CVE-2018-18359)

  - Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to     initiate potentially unsafe navigations without a user gesture via a crafted PDF file. (CVE-2018-20065)

  - Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker     to potentially exploit heap corruption via a crafted HTML page. (CVE-2018-20066)

  - A renderer initiated back navigation was incorrectly allowed to cancel a browser initiated one in     Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the     origin of the current page via a crafted HTML page. (CVE-2018-20067)

  - Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed a     remote attacker to confuse the user about the origin of the current page via a crafted HTML page.
    (CVE-2018-20068)

  - Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to     71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a     crafted HTML page. (CVE-2018-20069)

  - Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior     to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker     controled files via a crafted HTML page. (CVE-2018-20071)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Google Chrome < 71.0.3578.80 Multiple Vulnerabilities

high Nessus Plugin ID 119558

Version 1.10

Version 1.9

Version 1.8

Version 1.10 Oct 24, 2024, 7:46 AM Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202410240746
Version 1.9 Oct 23, 2024, 10:51 PM CVE (set "CVE" coverage to "CVE-2018-17480,CVE-2018-17481,CVE-2018-18335,CVE-2018-18336,CVE-2018-18337,CVE-2018-18338,CVE-2018-18339,CVE-2018-18340,CVE-2018-18341,CVE-2018-18342,CVE-2018-18343,CVE-2018-18344,CVE-2018-18345,CVE-2018-18346,CVE-2018-18347,CVE-2018-18348,CVE-2018-18349,CVE-2018-18350,CVE-2018-18351,CVE-2018-18352,CVE-2018-18353,CVE-2018-18354,CVE-2018-18355,CVE-2018-18356,CVE-2018-18357,CVE-2018-18358,CVE-2018-18359,CVE-2018-20065,CVE-2018-20066,CVE-2018-20067,CVE-2018-20068,CVE-2018-20069,CVE-2018-20070,CVE-2018-20071") CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 score source (changed from "CVE-2018-18359" to "CVE-2018-20066") CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Exploit attributes ("Exploited by malware" changed from "True" to none) Plugin metadata Plugin Feed: 202410232251
Version 1.8 Apr 25, 2023, 11:11 PM CVSS temporal metrics (Adjust exploitability metrics for CISA KEV vulnerabilities) Plugin Feed: 202304252311