The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5877 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5877-1                   security@debian.org     https://www.debian.org/security/                           Andres Salomon     March 12, 2025                        https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : chromium     CVE ID         : CVE-2025-1920 CVE-2025-2135 CVE-2025-2136 CVE-2025-2137                      CVE-2025-24201

    Security issues were discovered in Chromium which could result     in the execution of arbitrary code, denial of service, or information     disclosure.

    For the stable distribution (bookworm), these problems have been fixed in     version 134.0.6998.88-1~deb12u1.

    We recommend that you upgrade your chromium packages.

    For the detailed security status of chromium please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/chromium

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dsa-5877 : chromium - security update

high Nessus Plugin ID 232663

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.4 Mar 21, 2025, 6:26 PM IAVM reference Plugin Feed: 202503211826
Version 1.3 Mar 15, 2025, 2:36 AM New Plugin Feed: 202503150236
Version 1.2 Mar 14, 2025, 3:40 AM CISA reference CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202503140340
Version 1.1 Mar 13, 2025, 1:17 AM New Plugin Feed: 202503130117