The version of Google Chrome installed on the remote Windows host is prior to 108.0.5359.71. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_11_stable-channel-update-for-desktop_29 advisory.

  - Type Confusion in V8. (CVE-2022-4174)

  - Use after free in Camera Capture. (CVE-2022-4175)

  - Out of bounds write in Lacros Graphics. (CVE-2022-4176)

  - Use after free in Extensions. (CVE-2022-4177)

  - Use after free in Mojo. (CVE-2022-4178, CVE-2022-4180)

  - Use after free in Audio. (CVE-2022-4179)

  - Use after free in Forms. (CVE-2022-4181)

  - Inappropriate implementation in Fenced Frames. (CVE-2022-4182)

  - Insufficient policy enforcement in Popup Blocker. (CVE-2022-4183)

  - Insufficient policy enforcement in Autofill. (CVE-2022-4184)

  - Inappropriate implementation in Navigation. (CVE-2022-4185)

  - Insufficient validation of untrusted input in Downloads. (CVE-2022-4186)

  - Insufficient policy enforcement in DevTools. (CVE-2022-4187, CVE-2022-4189)

  - Insufficient validation of untrusted input in CORS. (CVE-2022-4188)

  - Insufficient data validation in Directory. (CVE-2022-4190)

  - Use after free in Sign-In. (CVE-2022-4191)

  - Use after free in Live Caption. (CVE-2022-4192)

  - Insufficient policy enforcement in File System API. (CVE-2022-4193)

  - Use after free in Accessibility. (CVE-2022-4194)

  - Insufficient policy enforcement in Safe Browsing. (CVE-2022-4195)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Google Chrome < 108.0.5359.71 Multiple Vulnerabilities

high Nessus Plugin ID 168273

Version 1.6

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.6 Jan 6, 2023, 4:14 PM CVSS temporal metrics ("CVSSv2 temporal score" set to "7.8") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal score" set to "7.9") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202301061614
Version 1.5 Dec 8, 2022, 4:04 PM IAVM reference Plugin Feed: 202212081604
Version 1.4 Dec 2, 2022, 4:16 PM CVSS metrics ("CVSSv3 vector" changed from "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" to "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H") CVSS metrics ("CVSSv3 score" changed from "9.8" to "8.8") CVSSv3 score source (set to "CVE-2022-4194") Plugin Feed: 202212021616
Version 1.3 Dec 2, 2022, 9:45 AM STIG Severity (set to "I") IAVM reference Plugin Feed: 202212020945
Version 1.2 Nov 30, 2022, 1:52 AM New Plugin Feed: 202211300152