Looben Yang

**Nome do Software Vulnerável e Versões Afetadas** Versões do Chromium anteriores a 140.0.7339.127 Versões do Microsoft Edge (baseado em Chromium) anteriores a 140.0.7339.127 Versões do Vivaldi anteriores a 138.0.7204.261 **Descrição** Existe um problema crítico de use-after-free no componente ServiceWorker do Chromium. Esta falha poderia permitir que um atacante remoto explorasse potencialmente a corrupção de heap por meio de uma página HTML especialmente criada, podendo levar à execução arbitrária de código ou negação de serviço. A vulnerabilidade está relacionada a uma condição de corrida entre o tratamento de timeouts de solicitação e o início de novas solicitações dentro do ServiceWorker, resultando em uma condição de use-after-free. Um pesquisador descobriu o problema e recebeu uma recompensa de $43.000 do Google. Não houve relatos confirmados de exploração ativa na natureza. O componente `ServiceWorker` é suscetível a esta falha. **Recomendações** Versões do Chromium anteriores a 140.0.7339.127: Atualize para a versão 140.0.7339.127 ou posterior. Versões do Microsoft Edge (baseado em Chromium) anteriores a 140.0.7339.127: Atualize para a versão 140.0.7339.127 ou posterior. Versões do Vivaldi anteriores a 138.0.7204.261: Atualize para a versão 138.0.7204.261 ou posterior.

**Nome do software vulnerável e versões afetadas** Versões do Google Chrome anteriores à 125.0.6422.76 Microsoft Edge (versões afetadas não especificadas) **Descrição** O problema está relacionado a uma vulnerabilidade do tipo “use-after-free” no componente de agendamento dos navegadores Google Chrome e Microsoft Edge. Essa vulnerabilidade pode ser explorada por um invasor remoto para executar código arbitrário dentro de uma sandbox por meio de uma página HTML maliciosa. A gravidade de segurança do Chromium para este problema é Alta. **Recomendações** Para versões do Google Chrome anteriores à 125.0.6422.76, atualize para a versão 125.0.6422.76 ou posterior para resolver o problema. Para o Microsoft Edge, no momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 112 Firefox for Android versions prior to 112 Focus for Android versions prior to 112 **Description** The issue is related to multiple race conditions in the font initialization, which could lead to memory corruption and execution of attacker-controlled code. This could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The vulnerability is associated with concurrent execution using a shared resource with incorrect synchronization. **Recommendations** For Firefox versions prior to 112, update to version 112 or later. For Firefox for Android versions prior to 112, update to version 112 or later. For Focus for Android versions prior to 112, update to version 112 or later.

**Nome do software vulnerável e versões afetadas** Versões do Google Chrome anteriores à 104.0.5112.79 **Descrição** O problema está relacionado a uma leitura fora dos limites no componente Dawn, o que pode permitir que um invasor remoto explore uma corrupção de heap por meio de uma página HTML maliciosa. Isso poderia levar à divulgação de informações protegidas. O número estimado de dispositivos potencialmente afetados em todo o mundo não foi especificado. **Recomendações** Para versões do Google Chrome anteriores à 104.0.5112.79, atualize para a versão 104.0.5112.79 ou posterior para resolver o problema.

**Nome do software vulnerável e versões afetadas** Versões do Google Chrome anteriores à 94.0.4606.54 **Descrição** O problema está relacionado a uma vulnerabilidade do tipo “use after free” no WebGPU, que pode permitir que um invasor remoto explore uma corrupção de heap por meio de uma página HTML maliciosa. Isso poderia permitir que o invasor contornasse as restrições de segurança existentes. **Recomendações** Para versões anteriores à 94.0.4606.54, atualize para a versão 94.0.4606.54 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso à API WebGPU até que a atualização seja aplicada.

**Nome do software vulnerável e versões afetadas** Versões do Google Chrome anteriores à 81.0.4044.138 **Descrição** O problema está relacionado a uma confusão de tipos no Blink, que pode ser explorada por um invasor remoto por meio de uma página HTML maliciosa, podendo levar à corrupção da pilha (heap). Isso poderia permitir que o invasor acessasse dados confidenciais, comprometesse a integridade dos dados e causasse uma negação de serviço. **Recomendações** Para versões do Google Chrome anteriores à 81.0.4044.138, atualize para a versão 81.0.4044.138 ou posterior para resolver o problema.

**Nome do software vulnerável e versões afetadas** Versões do Firefox ESR anteriores à 68.8 Versões do Firefox anteriores à 76 Versões do Thunderbird anteriores à 68.8.0 **Descrição** Uma condição de corrida ao executar o código de desligamento do Web Worker levou a um problema de uso após liberação de memória, resultando em uma falha potencialmente explorável. Isso poderia permitir que um invasor remoto causasse uma negação de serviço. **Recomendações** Para versões do Firefox ESR anteriores à 68.8, atualize para a versão 68.8 ou posterior. Para versões do Firefox anteriores à 76, atualize para a versão 76 ou posterior. Para versões do Thunderbird anteriores à 68.8.0, atualize para a versão 68.8.0 ou posterior.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 71 Firefox ESR versions prior to 68.3 Thunderbird versions prior to 68.3 **Description** The issue is related to the use of nested workers in browsers, which can lead to a use-after-free condition during worker destruction, resulting in a potentially exploitable crash. This could allow a remote attacker to gain unauthorized access to confidential data, cause a denial of service, and impact data integrity. **Recommendations** For Firefox versions prior to 71, update to version 71 or later. For Firefox ESR versions prior to 68.3, update to version 68.3 or later. For Thunderbird versions prior to 68.3, update to version 68.3 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 62 **Description** The issue is related to memory safety bugs in Firefox, which can lead to memory corruption. It is presumed that with sufficient effort, some of these bugs could be exploited to run arbitrary code. The vulnerability is caused by a buffer overflow in memory, allowing a remote attacker to potentially execute arbitrary code. **Recommendations** For versions prior to 62, update to version 62 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive resources until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 67.0.3396.62 **Description** The issue is related to a use after free in Blink, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could lead to a denial of service. **Recommendations** For versions prior to 67.0.3396.62, update to version 67.0.3396.62 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 67.0.3396.62 **Description** The issue is related to the early free of an object in use in IndexDB, which allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. This could lead to arbitrary code execution. The vulnerability is associated with the use of memory after it has been freed, and exploitation may allow a remote attacker to execute arbitrary code using a specially crafted HTML page. **Recommendations** For versions prior to 67.0.3396.62, update to version 67.0.3396.62 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 52.6 Firefox versions prior to 58 **Description** A use-after-free issue can occur during WebRTC connections when interacting with the DTMF timers, resulting in a potentially exploitable crash. The vulnerability is related to the implementation of WebRTC technology in Mozilla Firefox and Firefox-ESR browsers, allowing a remote attacker to cause a denial of service. **Recommendations** For Firefox ESR versions prior to 52.6, update to version 52.6 or later. For Firefox versions prior to 58, update to version 58 or later.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 58 Description: A use-after-free issue can occur when a Web Worker thread is freed from memory prematurely, instead of from the main thread memory, while cancelling fetch operations. This can potentially lead to a denial of service. The vulnerability is related to the implementation of the Web Worker mechanism in the browser, which can cause an out-of-bounds operation in memory. Recommendations: For versions prior to 58, update to version 58 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 55 Firefox ESR versions prior to 52.3 Thunderbird versions prior to 52.3 **Description** The issue is related to a use-after-free vulnerability in the implementation of WebSockets technology. This vulnerability can be exploited by a remote attacker to cause a denial of service, resulting in a crash. The vulnerability occurs when the object holding the connection is freed before the disconnection operation is finished. **Recommendations** For Firefox versions prior to 55, update to version 55 or later to resolve the issue. For Firefox ESR versions prior to 52.3, update to version 52.3 or later to resolve the issue. For Thunderbird versions prior to 52.3, update to version 52.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 52 Thunderbird versions prior to 52 **Description** A use-after-free issue can occur in the ANGLE graphics library, specifically within the `libGLES` component used for WebGL content on Windows. This happens when buffer storage is freed while still being used, potentially leading to a crash. Other operating systems are not affected. **Recommendations** For Firefox versions prior to 52, update to version 52 or later to resolve the issue. For Thunderbird versions prior to 52, update to version 52 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 57.0.2987.98 Opera versions prior to 57.0.2987.98 (note: exact version not specified, assuming similar to Chrome) **Description** A use after free issue in ANGLE allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. This could potentially be exploited by an attacker to access sensitive information. **Recommendations** For Google Chrome versions prior to 57.0.2987.98, update to version 57.0.2987.98 or later to resolve the issue. For Opera, since the exact fixed version is not specified, it is recommended to update to the latest version available, ensuring it is at or beyond the equivalent security patch level as Google Chrome 57.0.2987.98.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 55.0.2883.75 for Mac, Windows and Linux Google Chrome version prior to 55.0.2883.84 for Android Opera (affected versions not specified) **Description** A use after free issue in the webaudio component allows a remote attacker to perform an out of bounds memory read via a crafted HTML page, potentially giving access to protected information. This could enable remote attackers to view memory contents beyond boundaries using a specially formed HTML page. **Recommendations** For Google Chrome versions prior to 55.0.2883.75 on Mac, Windows, and Linux, update to version 55.0.2883.75 or later. For Google Chrome version prior to 55.0.2883.84 on Android, update to version 55.0.2883.84 or later. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 48.0 Firefox ESR 45.x versions prior to 45.3 **Description** The issue is related to a use-after-free vulnerability in the `CanonicalizeXPCOMParticipant` function. This vulnerability can be exploited by a remote attacker to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop. **Recommendations** For Mozilla Firefox versions prior to 48.0, update to version 48.0 or later. For Firefox ESR 45.x versions prior to 45.3, update to version 45.3 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 46.0 **Description** The issue is related to a use-after-free vulnerability in the ServiceWorkerInfo class of the Service Worker subsystem. This vulnerability can be exploited by a remote attacker to execute arbitrary code via vectors related to the `BeginReading` method. The vulnerability is associated with the use of memory after it has been freed. **Recommendations** For versions prior to 46.0, update to version 46.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Service Worker subsystem until a patch is available. Avoid using the `BeginReading` method in affected versions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 45.0 **Description** The issue is related to the ServiceWorkerManager class and can be exploited by remote attackers to execute arbitrary code or cause a denial of service, resulting in out-of-bounds read and memory corruption. This is achieved through unspecified use of the Clients API. **Recommendations** For versions prior to 45.0, update to version 45.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Clients API until a patch is available.