Duckhiem

**Nome do Software Vulnerável e Versões Afetadas** Versões do Google Chrome anteriores à 132.0.6834.83 Microsoft Edge (versões afetadas não especificadas) **Descrição** O problema existe devido à proteção inadequada da estrutura da página web na função de Navegação dos navegadores. Isso poderia permitir que um atacante remoto escalonasse privilégios utilizando uma página HTML especialmente elaborada. A severidade deste problema é considerada baixa pelo Chromium. **Recomendações** Para versões do Google Chrome anteriores à 132.0.6834.83, atualize para a versão 132.0.6834.83 ou superior para resolver o problema. Para o Microsoft Edge, no momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 116.0.5845.96 **Description** The issue is related to an inappropriate implementation in Fullscreen in Google Chrome on Android, which allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. This could be achieved by exploiting a vulnerability related to improperly implemented security checks for standard elements. **Recommendations** For versions prior to 116.0.5845.96, update to version 116.0.5845.96 or later to resolve the issue. As a temporary workaround, consider restricting access to the Fullscreen feature in Google Chrome on Android until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 111 **Description** The issue is related to insufficient access control in Mozilla Firefox. Exploitation of this issue may allow a remote attacker to gain unauthorized access to protected information when a specially crafted document is opened. If temporary permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, such as in a download directory. **Recommendations** For versions prior to 111, update to version 111 or later to resolve the issue. As a temporary workaround, consider restricting the use of file: URL loaded documents in the same tab to minimize the risk of exploitation. Avoid granting temporary permissions to documents from untrusted sources.