The version of Microsoft Edge installed on the remote Windows host is prior to 131.0.2903.48. It is, therefore, affected by multiple vulnerabilities as referenced in the November 14, 2024 advisory.

  - Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote     attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)     (CVE-2024-11110)

  - Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker     who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
    (Chromium security severity: Medium) (CVE-2024-11111)

  - Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)     (CVE-2024-11112)

  - Use after free in Accessibility in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who had     compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium     security severity: Medium) (CVE-2024-11113)

  - Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote     attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted     HTML page. (Chromium security severity: Medium) (CVE-2024-11114)

  - Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a     remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security severity:
    Medium) (CVE-2024-11115)

  - Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker     who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
    (Chromium security severity: Medium) (CVE-2024-11116)

  - Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote     attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Low)     (CVE-2024-11117)

  - Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2024-49025)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Microsoft Edge (Chromium) < 131.0.2903.48 Multiple Vulnerabilities

high Nessus Plugin ID 211402

Version 1.4