The version of Google Chrome installed on the remote Windows host is prior to 104.0.5112.79. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_08_stable-channel-update-for-desktop advisory.

  - Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (CVE-2022-2603)

  - Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2604)

  - Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2605)

  - Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker     who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a     crafted HTML page. (CVE-2022-2606)

  - Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker     who convinced a user to engage in specific user interactions to potentially exploit heap corruption via     specific UI interactions. (CVE-2022-2607)

  - Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote     attacker who convinced a user to engage in specific user interactions to potentially exploit heap     corruption via specific UI interactions. (CVE-2022-2608)

  - Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote     attacker who convinced a user to engage in specific user interactions to potentially exploit heap     corruption via specific UI interactions. (CVE-2022-2609)

  - Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a     remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap     corruption via crafted UI interactions. (Chrome security severity: High) (CVE-2022-2742)

  - Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed     a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds     memory write via crafted UI interactions. (Chrome security severity: High) (CVE-2022-2743)

  - Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a     remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2610)

  - Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed     a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-2611)

  - Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a     remote attacker who had compromised the renderer process to obtain potentially sensitive information from     process memory via a crafted HTML page. (CVE-2022-2612)

  - Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who     convinced a user to enage in specific user interactions to potentially exploit heap corruption via     specific UI interactions. (CVE-2022-2613)

  - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2614)

  - Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who     convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted     HTML page. (Chromium security severity: Medium) (CVE-2022-4914)

  - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote     attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2615)

  - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker     who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a     crafted Chrome Extension. (CVE-2022-2616)

  - Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced     a user to install a malicious extension to potentially exploit heap corruption via specific UI     interactions. (CVE-2022-2617)

  - Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a     remote attacker to bypass download restrictions via a malicious file . (CVE-2022-2618)

  - Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an     attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged     page via a crafted HTML page. (CVE-2022-2619)

  - Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who     convinced a user to engage in specific user interactions to potentially exploit heap corruption via     specific UI interactions. (CVE-2022-2620)

  - Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a     user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.
    (CVE-2022-2621)

  - Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to     104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.
    (CVE-2022-2622)

  - Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who     convinced a user to engage in specific user interactions to potentially exploit heap corruption via     specific UI interactions. (CVE-2022-2623)

  - Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who     convinced a user to engage in specific user interactions to potentially exploit heap corruption via a     crafted PDF file. (CVE-2022-2624)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Google Chrome < 104.0.5112.79 Multiple Vulnerabilities

high Nessus Plugin ID 163724

Version 1.11

Version 1.10

Version 1.9

Version 1.8

Version 1.8

Version 1.7

Version 1.7

Version 1.11 Oct 24, 2024, 7:46 AM CVSSv2 score source (changed from "CVE-2022-2742" to "CVE-2022-4914") CVSSv3 score source (changed from "CVE-2022-4914" to none) Plugin Feed: 202410240746
Version 1.10 Oct 23, 2024, 10:51 PM CVE (set "CVE" coverage to "CVE-2022-2603,CVE-2022-2604,CVE-2022-2605,CVE-2022-2606,CVE-2022-2607,CVE-2022-2608,CVE-2022-2609,CVE-2022-2610,CVE-2022-2611,CVE-2022-2612,CVE-2022-2613,CVE-2022-2614,CVE-2022-2615,CVE-2022-2616,CVE-2022-2617,CVE-2022-2618,CVE-2022-2619,CVE-2022-2620,CVE-2022-2621,CVE-2022-2622,CVE-2022-2623,CVE-2022-2624,CVE-2022-2742,CVE-2022-2743,CVE-2022-4914") CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 score source (changed from "CVE-2022-2624" to "CVE-2022-2742") CVSSv2 severity (based on None, severity decreased from "High" to "Low") CVSSv3 score source (set to "CVE-2022-4914") Plugin metadata Plugin Feed: 202410232251
Version 1.9 Feb 5, 2024, 4:13 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202402051613
Version 1.8 Oct 25, 2023, 7:17 PM CVSSv2 score source (changed from "CVE-2022-2623" to "CVE-2022-2624") CVSSv3 score source (changed from "CVE-2022-2624" to "None") Plugin Feed: 202310251917
Version 1.8 Feb 5, 2024, 2:20 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202402051420
Version 1.7 Mar 21, 2023, 7:30 PM Plugin metadata Plugin Feed: 202303211930
Version 1.7 Oct 25, 2023, 5:17 PM CVSSv2 score source (changed from "CVE-2022-2623" to "CVE-2022-2624") CVSSv3 score source (changed from "CVE-2022-2624" to "None") Plugin Feed: 202310251717