0X10N

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 139.0.7258.127 Microsoft Edge (Chromium-based) versions prior to 139.0.7258.127 **Description** A race condition exists in the V8 JavaScript engine component of Google Chrome and Microsoft Edge. This issue can allow a remote attacker to execute arbitrary code within a sandbox by crafting a malicious HTML page. The root cause is synchronization errors when using a shared resource. Exploitation of this issue could allow an attacker to bypass security measures and gain control of the affected system. There is no information available regarding the number of potentially affected devices or any real-world incidents where this issue has been exploited. **Recommendations** Update Google Chrome to version 139.0.7258.127 or later. Update Microsoft Edge to version 139.0.7258.127 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 133.0.6943.126 **Description** A heap buffer overflow in V8 in Google Chrome allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. The issue has a high security severity rating from Chromium. **Recommendations** For Google Chrome versions prior to 133.0.6943.126, update to version 133.0.6943.126 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted HTML pages that could trigger the heap buffer overflow until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 131.0.6778.139 Chromium versions prior to 131.0.6778.139 **Description** A type confusion issue exists in the V8 JavaScript engine component of Google Chrome and Chromium. This issue could allow a remote attacker to potentially exploit heap corruption through a specially crafted HTML page. The vulnerability may allow an attacker to execute arbitrary code. **Recommendations** Update Google Chrome to version 131.0.6778.139 or later. Update Chromium to version 131.0.6778.139 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 131.0.6778.204 Microsoft Edge (affected versions not specified) **Description** The issue is related to a type confusion error in the V8 JavaScript engine, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could lead to the execution of arbitrary code and full control over the system. The severity of this issue is considered high. **Recommendations** For Google Chrome versions prior to 131.0.6778.204, update to version 131.0.6778.204 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 130.0.6723.69 Microsoft Edge (affected versions not specified) Description: The issue is related to a type confusion error in the V8 JavaScript engine, which can be exploited by a remote attacker using a specially crafted HTML page. This could potentially lead to heap corruption, affecting the confidentiality, integrity, and availability of protected information. Recommendations: For Google Chrome versions prior to 130.0.6723.69, update to version 130.0.6723.69 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 129.0.6668.100 Microsoft Edge versions (affected versions not specified) **Description** The issue is related to a type confusion error in the V8 JavaScript engine, which can be exploited by a remote attacker using a specially crafted HTML page. This can lead to out-of-bounds memory write and potentially impact the confidentiality, integrity, and availability of protected information. The estimated number of potentially affected devices is not specified. **Recommendations** For Google Chrome versions prior to 129.0.6668.100, update to version 129.0.6668.100 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 130.0.6723.69 Description: The issue is related to a type confusion error in the V8 JavaScript engine used by Google Chrome and Microsoft Edge, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could impact the confidentiality, integrity, and availability of protected information. The severity of this issue is rated as High by Chromium. Recommendations: For Google Chrome versions prior to 130.0.6723.69, update to version 130.0.6723.69 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 129.0.6668.70 Microsoft Edge (affected versions not specified) **Description** The issue is related to a type confusion error in the V8 JavaScript engine, which can be exploited by a remote attacker to perform out of bounds memory access via a crafted HTML page. This could potentially allow the execution of arbitrary code. The severity of this issue is considered high. **Recommendations** For Google Chrome versions prior to 129.0.6668.70, update to version 129.0.6668.70 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 128.0.6613.113 **Description** The issue is related to a type confusion in the V8 JavaScript engine of Google Chrome, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. The severity of this issue is considered high. **Recommendations** For Google Chrome versions prior to 128.0.6613.113, update to version 128.0.6613.113 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted HTML pages that could trigger the type confusion vulnerability in the V8 engine.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 16.7.9 iPadOS versions prior to 16.7.9 Safari versions prior to 17.6 iOS versions prior to 17.6 iPadOS versions prior to 17.6 watchOS versions prior to 10.6 tvOS versions prior to 17.6 visionOS versions prior to 1.3 macOS Sonoma versions prior to 14.6 **Description** An out-of-bounds access issue was addressed with improved bounds checking. Processing maliciously crafted web content may lead to an unexpected process crash. **Recommendations** For iOS versions prior to 16.7.9, update to iOS 16.7.9 or later. For iPadOS versions prior to 16.7.9, update to iPadOS 16.7.9 or later. For Safari versions prior to 17.6, update to Safari 17.6 or later. For iOS versions prior to 17.6, update to iOS 17.6 or later. For iPadOS versions prior to 17.6, update to iPadOS 17.6 or later. For watchOS versions prior to 10.6, update to watchOS 10.6 or later. For tvOS versions prior to 17.6, update to tvOS 17.6 or later. For visionOS versions prior to 1.3, update to visionOS 1.3 or later. For macOS Sonoma versions prior to 14.6, update to macOS Sonoma 14.6 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 126.0.6478.182 Microsoft Edge versions (affected versions not specified) **Description** The issue is related to an out of bounds memory access in the V8 JavaScript engine, allowing a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This could enable the attacker to bypass security mechanisms, gain unauthorized access to protected information, execute arbitrary code, or cause a denial of service by loading a specially crafted HTML page. **Recommendations** For Google Chrome versions prior to 126.0.6478.182, update to version 126.0.6478.182 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 126.0.6478.114 **Description** The issue is related to a type confusion flaw in the V8 engine of Google Chrome, allowing a remote attacker to execute arbitrary code via a crafted HTML page. This can be achieved by accessing a resource using an incompatible type. The severity of this issue is considered high. **Recommendations** For Google Chrome versions prior to 126.0.6478.114, update to version 126.0.6478.114 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted HTML pages that could exploit this type confusion flaw in the V8 engine. Restrict access to potentially vulnerable resources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 123.0.6312.86 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use-after-free vulnerability in the WebCodecs component of Google Chrome, which can be exploited by a remote attacker to execute arbitrary code via a specially crafted HTML page. This can allow the attacker to perform arbitrary read/write operations. The vulnerability requires user interaction, as the target must visit a malicious page to be exploited. **Recommendations** For Google Chrome versions prior to 123.0.6312.86, update to version 123.0.6312.86 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 124.0.6367.60 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use-after-free vulnerability in the V8 JavaScript engine, which can be exploited by a remote attacker using a crafted HTML page, potentially leading to heap corruption. This could impact the confidentiality, integrity, and availability of protected information. The vulnerability was demonstrated at Pwn2Own 2024, showing its potential for remote code execution. **Recommendations** For Google Chrome versions prior to 124.0.6367.60, update to version 124.0.6367.60 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the V8 JavaScript engine or avoiding the use of specially crafted HTML pages until a patch is available.