Synopsis
A web browser installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Google Chrome installed on the remote Windows host is prior to 108.0.5359.71. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_11_stable-channel-update-for-desktop_29 advisory.
- Type Confusion in V8. (CVE-2022-4174)
- Use after free in Camera Capture. (CVE-2022-4175)
- Out of bounds write in Lacros Graphics. (CVE-2022-4176)
- Use after free in Extensions. (CVE-2022-4177)
- Use after free in Mojo. (CVE-2022-4178, CVE-2022-4180)
- Use after free in Audio. (CVE-2022-4179)
- Use after free in Forms. (CVE-2022-4181)
- Inappropriate implementation in Fenced Frames. (CVE-2022-4182)
- Insufficient policy enforcement in Popup Blocker. (CVE-2022-4183)
- Insufficient policy enforcement in Autofill. (CVE-2022-4184)
- Inappropriate implementation in Navigation. (CVE-2022-4185)
- Insufficient validation of untrusted input in Downloads. (CVE-2022-4186)
- Insufficient policy enforcement in DevTools. (CVE-2022-4187, CVE-2022-4189)
- Insufficient validation of untrusted input in CORS. (CVE-2022-4188)
- Insufficient data validation in Directory. (CVE-2022-4190)
- Use after free in Sign-In. (CVE-2022-4191)
- Use after free in Live Caption. (CVE-2022-4192)
- Insufficient policy enforcement in File System API. (CVE-2022-4193)
- Use after free in Accessibility. (CVE-2022-4194)
- Insufficient policy enforcement in Safe Browsing. (CVE-2022-4195)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Google Chrome version 108.0.5359.71 or later.
Plugin Details
File Name: google_chrome_108_0_5359_71.nasl
Agent: windows
Configuration: Enable thorough checks
Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:google:chrome
Required KB Items: SMB/Google_Chrome/Installed
Exploit Ease: Exploits are available
Patch Publication Date: 11/29/2022
Vulnerability Publication Date: 11/29/2022
Reference Information
CVE: CVE-2022-4174, CVE-2022-4175, CVE-2022-4176, CVE-2022-4177, CVE-2022-4178, CVE-2022-4179, CVE-2022-4180, CVE-2022-4181, CVE-2022-4182, CVE-2022-4183, CVE-2022-4184, CVE-2022-4185, CVE-2022-4186, CVE-2022-4187, CVE-2022-4188, CVE-2022-4189, CVE-2022-4190, CVE-2022-4191, CVE-2022-4192, CVE-2022-4193, CVE-2022-4194, CVE-2022-4195