The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5648 advisory.

  - Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to     potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)     (CVE-2024-2625)

  - Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to     perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2024-2626)

  - Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-2627)

  - Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote     attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium) (CVE-2024-2628)

  - Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform     UI spoofing via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-2629)

  - Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to     leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-2630)

  - Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to     perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) (CVE-2024-2631)

  - Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2024-2883)

  - Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-2885)

  - Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform     arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2024-2886)

  - Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute     arbitrary code via a crafted HTML page. (Chromium security severity: High) (CVE-2024-2887)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dsa-5648 : chromium - security update

high Nessus Plugin ID 192686

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.1

Version 1.0

Version 1.4 May 6, 2024, 6:54 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202405060654
Version 1.3 Apr 5, 2024, 10:46 AM IAVM reference Plugin Feed: 202404051046
Version 1.2 Apr 2, 2024, 2:43 PM CVSS metrics ("CVSSv2 score" set to 10.0. "CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C") CVSSv2 score source (changed from "CVE-2024-2885" to "CVE-2024-2627") CVSSv2 severity (based on CVE-2024-2627, severity increased from "Medium" to "High") Plugin Feed: 202404021443
Version 1.1 Mar 29, 2024, 1:58 PM IAVM reference STIG Severity (set) Plugin Feed: 202403291358
Version 1.1 Apr 2, 2024, 12:34 PM CVSS metrics ("CVSSv2 score" set to 10.0) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C") CVSSv2 score source (changed from "CVE-2024-2885" to "CVE-2024-2627") CVSSv2 severity (based on CVE-2024-2627, severity increased from "Medium" to "High") Plugin Feed: 202404021234
Version 1.0 Mar 29, 2024, 11:43 AM New Plugin Feed: 202403291143