Zhong Zhaochen

**Nome do software vulnerável e versões afetadas** Versões do Google Chrome anteriores à 83.0.4103.61 **Descrição** O problema está relacionado a uma implementação inadequada no mecanismo de compartilhamento do Google Chrome, que pode ser explorada por um invasor remoto para falsificar a interface de segurança por meio de uma página HTML maliciosa. Isso pode afetar a integridade dos dados. **Recomendações** Para versões anteriores à 83.0.4103.61, atualize para a versão 83.0.4103.61 ou posterior para resolver o problema.

**Nome do software vulnerável e versões afetadas** Versões do Google Chrome anteriores à 80.0.3987.87 **Descrição** O problema está relacionado à aplicação insuficiente das políticas no CORS, permitindo que um invasor local obtenha informações potencialmente confidenciais por meio de uma página HTML maliciosa. Isso poderia permitir que um invasor obtivesse acesso não autorizado às informações. **Recomendações** Para versões do Google Chrome anteriores à 80.0.3987.87, atualize para a versão 80.0.3987.87 ou posterior para resolver o problema.

**Name of the Vulnerable Software and Affected Versions** Microsoft browsers (affected versions not specified) **Description** A remote code execution issue exists due to the way Microsoft browsers access objects in memory. This could allow an attacker to execute arbitrary code in the context of the current user by corrupting memory. If the current user has administrative rights, the attacker could gain control of the system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Synology Note Station versions prior to 2.5.3-0863 **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the `object id` parameter. **Recommendations** For versions prior to 2.5.3-0863, update to version 2.5.3-0863 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable `object id` parameter to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Microsoft Edge (affected versions not specified) Description: An information disclosure issue exists due to improper handling of objects in memory by Microsoft Edge. This could allow an attacker to obtain information that could be used to further compromise the user's system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge versions 10.0.14393.0 through 10.0.15063.0 Microsoft Edge in Windows 10 1607, 1703, and Windows Server 2016 **Description** A remote code execution issue exists due to the way Microsoft scripting engines handle objects in memory, potentially allowing an attacker to execute arbitrary code in the context of the current user. This could be achieved by corrupting memory, and if the current user has administrative rights, an attacker could take control of the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Edge in Windows 10 1607, update to a version that fixes the memory corruption issue. For Microsoft Edge in Windows 10 1703, apply the necessary patch to resolve the scripting engine vulnerability. For Microsoft Edge in Windows Server 2016, ensure that all security updates are applied to prevent exploitation of the vulnerability. As a temporary workaround, consider restricting access to sensitive data and limiting user privileges to minimize the risk of exploitation until a patch is available.