Mark Amery

**Nome do software vulnerável e versões afetadas** Versões do Google Chrome anteriores à 95.0.4638.69 **Descrição** O problema está relacionado à aplicação insuficiente de políticas no recurso de preenchimento automático do Google Chrome, permitindo que um invasor remoto vaze dados entre origens por meio de uma página HTML maliciosa. Isso poderia possibilitar o acesso não autorizado a informações protegidas. O número estimado de dispositivos potencialmente afetados em todo o mundo não foi especificado. **Recomendações** Para versões anteriores à 95.0.4638.69, atualize para a versão 95.0.4638.69 ou posterior para resolver o problema. Como solução temporária, considere desativar o recurso de preenchimento automático até que um patch esteja disponível. Restrinja o acesso a informações confidenciais ao usar o Google Chrome até que a atualização seja aplicada.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 80.0.3987.87 **Description** The issue is related to insufficient policy enforcement in the Blink component of Google Chrome, which can be exploited by a remote attacker to leak cross-origin data. This can be achieved via a crafted HTML page, allowing the attacker to access confidential data. **Recommendations** For versions prior to 80.0.3987.87, update to version 80.0.3987.87 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 79.0.3945.79 **Description** The issue is related to insufficient policy enforcement in autocomplete, allowing a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. This could lead to the disclosure of protected information. **Recommendations** For versions prior to 79.0.3945.79, update to version 79.0.3945.79 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 75.0.3770.142 **Description** The issue concerns incorrect font handling in autofill, allowing a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. This could also lead to unauthorized access to protected information or cause a denial of service with a specially formed web page. **Recommendations** For versions prior to 75.0.3770.142, update to version 75.0.3770.142 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 74.0.3729.108 **Description** The issue is related to an error in the autofill feature, allowing information to be retrieved from the process memory. A remote attacker can exploit this to gain access to confidential data through a specially crafted HTML page. **Recommendations** For versions prior to 74.0.3729.108, update to version 74.0.3729.108 or later to resolve the issue. As a temporary workaround, consider disabling the autofill feature until a patch is available. Restrict access to sensitive information when using affected versions of Google Chrome to minimize the risk of exploitation.