The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5694 advisory.

  - Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute     arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)     (CVE-2024-4947)

  - Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-4948)

  - Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-4949)

  - Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote     attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML     page. (Chromium security severity: Low) (CVE-2024-4950)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dsa-5694 : chromium - security update

high Nessus Plugin ID 197486

Version 1.2