Shhnjk

**Nome do Software Vulnerável e Versões Afetadas** Microsoft 365 Copilot (versões afetadas não especificadas) **Descrição** Este problema envolve uma divulgação de informações na funcionalidade BizChat do Microsoft 365 Copilot. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do Software Vulnerável e Versões Afetadas:** OpenAI Operator SaaS na Web (versões afetadas não especificadas) **Descrição:** Existe uma falha no tratamento da Fullscreen API e na renderização da interface do usuário que permite que um atacante remoto capture dados sensíveis inseridos pelo usuário, como credenciais de login e endereços de e-mail. Isso é realizado exibindo uma interface de tela cheia enganosa com controles de navegador falsos e um elemento distrativo, como uma tela de consentimento de cookies, para ocultar notificações de tela cheia. Essa manipulação induz os usuários a interagir com um site malicioso. **Recomendações:** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Versões do Google Chrome anteriores à 85.0.4183.83 **Descrição** O problema está relacionado à aplicação insuficiente de políticas no módulo de navegação, permitindo que um invasor remoto divulgue dados entre origens por meio de uma página HTML maliciosa. Isso poderia afetar potencialmente um número significativo de dispositivos em todo o mundo, embora o número exato não tenha sido especificado. Não há informações disponíveis sobre incidentes reais em que essa vulnerabilidade tenha sido explorada. **Recomendações** Para versões anteriores à 85.0.4183.83, atualize para a versão 85.0.4183.83 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso a dados confidenciais e implementar medidas de segurança adicionais para minimizar o risco de vazamento de dados entre origens.

**Nome do software vulnerável e versões afetadas** Versões do Google Chrome anteriores à 87.0.4280.66 **Descrição** O problema está relacionado a uma implementação inadequada no mecanismo de cookies, permitindo que um invasor remoto contorne as restrições de cookies por meio de uma página HTML especialmente criada. Isso poderia levar ao acesso não autorizado a informações protegidas. A vulnerabilidade está associada a erros na implementação de verificações de segurança para elementos padrão no mecanismo de tratamento de cookies do Google Chrome. **Recomendações** Para versões do Google Chrome anteriores à 87.0.4280.66, atualize para a versão 87.0.4280.66 ou posterior para resolver o problema.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 77.0.3865.75 **Description** The issue is related to insufficient policy enforcement in the Blink module of Google Chrome, allowing a remote attacker to leak cross-origin data via a crafted HTML page. This could enable the attacker to access confidential data. **Recommendations** For versions prior to 77.0.3865.75, update to version 77.0.3865.75 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Safari versions prior to 11.1.2 iOS versions prior to 12 Description: An inconsistent user interface issue was addressed with improved state management. Recommendations: For Safari versions prior to 11.1.2, update to version 11.1.2 or later. For iOS versions prior to 12, update to version 12 or later.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 12 iOS versions prior to 12 tvOS versions prior to 12 iTunes for Windows versions prior to 12.9 iCloud for Windows versions prior to 7.7 **Description** A cross-site scripting issue existed in Safari, which was addressed with improved URL validation. **Recommendations** For Safari versions prior to 12, update to version 12 or later to resolve the issue. For iOS versions prior to 12, update to version 12 or later to resolve the issue. For tvOS versions prior to 12, update to version 12 or later to resolve the issue. For iTunes for Windows versions prior to 12.9, update to version 12.9 or later to resolve the issue. For iCloud for Windows versions prior to 7.7, update to version 7.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 70.0.3538.67 **Description** The issue concerns incorrect handling of the googlechrome:// URL scheme on iOS in Intents, allowing a remote attacker to escape the iframe sandbox via a crafted HTML page. **Recommendations** For versions prior to 70.0.3538.67, update to version 70.0.3538.67 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 69.0.3497.81 **Description** The issue is related to insufficient policy enforcement in site isolation, allowing a remote attacker to bypass site isolation via a crafted HTML page. This can lead to unauthorized access to protected information. The vulnerability is associated with errors in authorization when using Blob URL in Google Chrome. **Recommendations** For Google Chrome versions prior to 69.0.3497.81, update to version 69.0.3497.81 or later to resolve the issue. As a temporary workaround, consider restricting the use of Blob URL in Google Chrome to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 11.1.2 iTunes versions prior to 12.8 for Windows iOS versions prior to 11.4.1 tvOS versions prior to 11.4.1 iCloud for Windows versions prior to 7.6 **Description** The issue allows sound fetched through audio elements to be exfiltrated cross-origin. This was addressed with improved audio taint tracking. **Recommendations** For Safari versions prior to 11.1.2, update to version 11.1.2 or later. For iTunes versions prior to 12.8 for Windows, update to version 12.8 or later. For iOS versions prior to 11.4.1, update to version 11.4.1 or later. For tvOS versions prior to 11.4.1, update to version 11.4.1 or later. For iCloud for Windows versions prior to 7.6, update to version 7.6 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 67.0.3396.62 **Description** The issue is related to a lack of protection for service data in the Blink rendering module of Google Chrome. It allows a remote attacker to bypass the no-referrer policy and disclose protected information using a specially crafted HTML page. **Recommendations** For versions prior to 67.0.3396.62, update to version 67.0.3396.62 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information until the update is applied.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.3 Safari versions prior to 11.1 iCloud versions prior to 7.4 on Windows iTunes versions prior to 12.7.4 on Windows tvOS versions prior to 11.3 **Description** The issue involves the `WebKit` component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. **Recommendations** For iOS versions prior to 11.3, update to version 11.3 or later. For Safari versions prior to 11.1, update to version 11.1 or later. For iCloud versions prior to 7.4 on Windows, update to version 7.4 or later. For iTunes versions prior to 12.7.4 on Windows, update to version 12.7.4 or later. For tvOS versions prior to 11.3, update to version 11.3 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge in Microsoft Windows 10 version 1703 **Description** A security feature bypass issue exists due to Microsoft Edge not properly enforcing same-origin policies. This could allow an attacker to access information from origins outside the current one. To exploit this issue, an attacker would need to trick a user into loading a page or visiting a website. **Recommendations** For Microsoft Edge in Microsoft Windows 10 version 1703, consider restricting access to sensitive information until a proper fix is applied, and ensure users are cautious when loading pages or visiting websites from unknown origins. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge in Microsoft Windows versions prior to the fixed version **Description** A security issue exists where Microsoft Edge fails to properly validate certain specially crafted documents, allowing an attacker to trick a user into loading a page with malicious content. This is due to the Edge Content Security Policy (CSP) failing to correctly apply the Same Origin Policy for HTML elements present in other browser windows. **Recommendations** For Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, update to a version that includes the fix for this issue. For other affected versions, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** A security feature bypass issue exists, allowing for the bypassing of Mixed Content warnings. This could enable the loading of unsecure content (HTTP) from secure locations (HTTPS). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** The issue is related to a lack of protection for sensitive data in Microsoft Edge, which can be exploited by a remote attacker using a specially crafted website to obtain confidential information from the process memory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libxml2 (affected versions not specified) **Description** The issue is related to the `htmlParseComment` function in `HTMLparser.c` of the libxml2 library, caused by a buffer overflow. This can be exploited by a remote attacker using an unclosed HTML comment to obtain sensitive information, cause a denial of service (application crash due to out-of-bounds heap memory access), or have other unspecified impacts. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.