The version of Google Chrome installed on the remote Windows host is prior to 125.0.6422.141. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_05_stable-channel-update-for-desktop_30 advisory.

  - Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)     (CVE-2024-5493)

  - Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-5494,     CVE-2024-5495)

  - Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to     execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)     (CVE-2024-5496)

  - Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote     attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via     a crafted HTML page. (Chromium security severity: High) (CVE-2024-5497)

  - Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)     (CVE-2024-5498)

  - Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to     execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)     (CVE-2024-5499)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Google Chrome < 125.0.6422.141 Multiple Vulnerabilities

high Nessus Plugin ID 198163

Version 1.6