Yuxiang Li

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 78.0.3904.108 **Description** The issue is related to a use after free in WebBluetooth, allowing a remote attacker who has compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. This could enable the attacker to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For versions prior to 78.0.3904.108, update to version 78.0.3904.108 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 78.0.3904.108 **Description** The issue is related to an out of bounds memory access in WebBluetooth, allowing a remote attacker who has compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. This could enable the attacker to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For versions prior to 78.0.3904.108, update to version 78.0.3904.108 or later to resolve the issue. As a temporary workaround, consider restricting access to WebBluetooth functionality until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Android versions 7.1.1, 7.1.2 **Description** A elevation of privilege issue exists in the Android system ui, which is a component of the Android operating system. **Recommendations** For Android versions 7.1.1 and 7.1.2, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1 **Description** The issue is related to insufficient access control in the Contacts component of the Android operating system. It allows a remote attacker to launch an application with the privileges of the current user. This vulnerability can enable a local malicious application to silently create contact information, bypassing user interaction requirements. **Recommendations** For Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1, update to a version that includes the fix for this issue, as specified by the Android security bulletin. At the moment, there is no information about a newer version that contains a fix for this vulnerability.