The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5244 advisory.

  - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to     105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass     navigation restrictions via a crafted HTML page. (CVE-2022-3201)

  - Use after free in CSS. (CVE-2022-3304)

  - Use after free in Survey. (CVE-2022-3305, CVE-2022-3306)

  - Use after free in Media. (CVE-2022-3307)

  - Insufficient policy enforcement in Developer Tools. (CVE-2022-3308)

  - Use after free in Assistant. (CVE-2022-3309)

  - Insufficient policy enforcement in Custom Tabs. (CVE-2022-3310)

  - Use after free in Import. (CVE-2022-3311)

  - Insufficient validation of untrusted input in VPN. (CVE-2022-3312)

  - Incorrect security UI in Full Screen. (CVE-2022-3313)

  - Use after free in Logging. (CVE-2022-3314)

  - Type confusion in Blink. (CVE-2022-3315)

  - Insufficient validation of untrusted input in Safe Browsing. (CVE-2022-3316)

  - Insufficient validation of untrusted input in Intents. (CVE-2022-3317)

  - Use after free in ChromeOS Notifications. (CVE-2022-3318)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian DSA-5244-1 : chromium - security update

high Nessus Plugin ID 165594

Version 1.6

Version 1.5

Version 1.4

Version 1.6 Oct 10, 2023, 4:16 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 score source (changed from "CVE-2022-3318" to "CVE-2022-3315") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202310101616
Version 1.5 Nov 3, 2022, 4:28 PM CVSSv3 severity (Based on CVE-2022-3315 severity increased from Medium to High) CVSSv3 score source (Changed from CVE-2022-3201 to CVE-2022-3315) CVSS metrics Plugin Feed: 202211031628
Version 1.4 Oct 18, 2022, 10:07 AM IAVM reference Plugin Feed: 202210181007