Choongwoo Han

**Nome do software vulnerável e versões afetadas** Versões do Google Chrome anteriores à 88.0.4324.146 **Descrição** O problema está relacionado a uma vulnerabilidade do tipo “use after free” no componente de navegação do Google Chrome, o que poderia permitir que um invasor remoto que tivesse comprometido o processo de renderização potencialmente escapasse da sandbox por meio de uma página HTML maliciosa. Isso pode afetar a confidencialidade, a integridade e a disponibilidade das informações protegidas. **Recomendações** Para versões anteriores à 88.0.4324.146, atualize para a versão 88.0.4324.146 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso a componentes de navegação potencialmente vulneráveis até que um patch seja aplicado.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.7-22 **Description** A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file allows a remote attacker to cause a denial of service, resulting in an application crash, via a maliciously crafted pict file. **Recommendations** For ImageMagick version 7.0.7-22, consider updating to a newer version that contains a fix for this issue, as using a maliciously crafted pict file can cause the application to crash.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.0.7-23 **Description** The issue is related to a memory leak in the ReadDCMImage function. This function is located in coders/dcm.c. The memory leak occurs because the `redmap`, `greenmap`, and `bluemap` variables can be overwritten by new pointers, causing the previous pointers to be lost. This allows remote attackers to cause a denial of service. **Recommendations** For versions prior to 7.0.7-23, update to version 7.0.7-23 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 50.0.2661.75 Opera (affected versions not specified) **Description** The issue is related to the LoadBuffer implementation in Google V8, which mishandles data types. This can be exploited by remote attackers using crafted JavaScript code, potentially leading to a denial of service or other unspecified impacts due to an out-of-bounds write operation. The issue is related to the files compiler/pipeline.cc and compiler/simplified-lowering.cc. **Recommendations** For Google Chrome versions prior to 50.0.2661.75, update to version 50.0.2661.75 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.