The version of Google Chrome installed on the remote Windows host is prior to 126.0.6367.182. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_07_stable-channel-update-for-desktop advisory.

  - Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to     perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)     (CVE-2024-6772)

  - Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)     (CVE-2024-6773)

  - Use after free in Screen Capture in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who     convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted     HTML page. (Chromium security severity: High) (CVE-2024-6774)

  - Use after free in Media Stream in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who     convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted     HTML page. (Chromium security severity: High) (CVE-2024-6775)

  - Use after free in Audio in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-6776)

  - Use after free in Navigation in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a     user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome     Extension. (Chromium security severity: High) (CVE-2024-6777)

  - Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to     install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome     Extension. (Chromium security severity: High) (CVE-2024-6778)

  - Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to     potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)     (CVE-2024-6779)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Google Chrome < 126.0.6367.182 Multiple Vulnerabilities

high Nessus Plugin ID 203143

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.4 Oct 18, 2024, 9:34 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202410180934
Version 1.3 Aug 2, 2024, 9:39 AM CVSS metrics ("CVSSv3 score" set to 8.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H") CVSSv3 score source (set to "CVE-2024-6779") Plugin Feed: 202408020939
Version 1.2 Jul 26, 2024, 11:33 AM IAVM reference Plugin Feed: 202407261133
Version 1.1 Jul 23, 2024, 9:24 PM New Plugin Feed: 202407232124