Derin Eryilmaz

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 120.0.6099.62 **Description** The issue is related to insufficient data validation in the Extensions component of Google Chrome, allowing a remote attacker to perform privilege escalation via a crafted Chrome Extension. **Recommendations** For versions prior to 120.0.6099.62, update to version 120.0.6099.62 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome on ChromeOS versions prior to 116.0.5845.120 **Description** The issue is related to insufficient data validation in Systems Extensions in Google Chrome on ChromeOS, which can be exploited by an attacker to bypass file restrictions via a crafted HTML page. This can occur if the attacker convinces a user to install a malicious extension. The estimated number of potentially affected devices and real-world incidents are not specified. **Recommendations** For Google Chrome on ChromeOS versions prior to 116.0.5845.120, update to version 116.0.5845.120 or later to resolve the issue. As a temporary workaround, consider restricting the installation of extensions to minimize the risk of exploitation. Avoid using crafted HTML pages that could bypass file restrictions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 115.0.5790.170 **Description** The issue is related to an inappropriate implementation in the Extensions component of Google Chrome, which could allow an attacker to inject scripts or HTML into a privileged page via a crafted Chrome Extension. This could be achieved if the attacker convinces a user to install a malicious extension. The vulnerability is associated with incorrectly implemented security checks for standard elements, potentially enabling a remote attacker to conduct cross-site scripting attacks by loading a special extension. **Recommendations** For Google Chrome versions prior to 115.0.5790.170, update to version 115.0.5790.170 or later to resolve the issue. As a temporary workaround, consider restricting the installation of extensions to only trusted sources until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 115.0.5790.170 **Description** The issue is related to insufficient data validation in the Extensions component of Google Chrome, allowing an attacker to inject scripts or HTML into a privileged page via a crafted Chrome Extension. This could enable cross-site scripting attacks if a malicious extension is installed. **Recommendations** For versions prior to 115.0.5790.170, update to version 115.0.5790.170 or later to resolve the issue. As a temporary workaround, consider restricting the installation of extensions to only trusted sources until the update is applied.