I have a machine which does not have Google chrome installed but when I try to scan it using Nexpose and Retina all the Chrome related vulnerabilities are listed in the report and it shows it as vulnerable.
Has anyone else faced this issue? Am I missing anything here?
Check which files are reported as vulnerable. There are a lot of programs that embed significant chunks of Chrome - not the actual browser window (the "chrome") but the rendering engine, JS, engine, the sandboxing framework, possibly the Google account stuff (in other words, the parts that are actually likely to have vulnerabilities), and it is possible that the scanner is noticing these things. For example, CEF (Chromium Embedded Framework) is pretty common in a lot of software that wants to make a desktop version of what was originally written as a web app, but CEF components need to be kept up to date as bugs are found and patched in the Chromium code from which they come.
Of course, most apps that embed Chrom(e|ium) components are only using them to render a very limited selection of content, so the risk is generally a lot lower (harder for an attacker to slip malicious script into a dedicated app that only loads scripts from its one server than into a web browser that loads scripts from literally anywhere).
