303F06E3

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 149.0.7827.53 **Description** An inappropriate implementation in V8, the open-source JavaScript and WebAssembly engine, allows a remote attacker to execute arbitrary code within a sandbox by enticing a user to open a specially crafted HTML page. **Recommendations** Update to version 149.0.7827.53 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome (affected versions not specified) **Description** A flaw exists in the JavaScript engine V8 within the Google Chrome browser, relating to incorrect security checks for standard elements. Successful exploitation could allow a remote attacker to gain read and delete access to data using a crafted HTML page. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 132.0.6834.110 **Description** The issue is related to object corruption in the V8 engine of Google Chrome, which can lead to heap corruption. A remote attacker can potentially exploit this via a crafted HTML page, affecting the confidentiality, integrity, and availability of protected information. The severity of this issue is considered high. **Recommendations** For versions prior to 132.0.6834.110, update to version 132.0.6834.110 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted HTML pages that could trigger the heap corruption until a patch is applied. Restrict access to sensitive information and ensure that all security updates are installed as soon as they become available. At the moment, there is no additional information about other mitigation measures.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 133.0.6943.53 **Description** A remote attacker could potentially exploit heap corruption via a crafted HTML page, leveraging a use after free issue in V8. The estimated number of potentially affected devices worldwide is not specified. Details about real-world incidents where this issue was exploited are not provided. Technical details include the exploitation of heap corruption through a manipulated HTML page. **Recommendations** For Google Chrome versions prior to 133.0.6943.53, update to version 133.0.6943.53 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted HTML pages that could trigger the use after free vulnerability in V8 until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Chromium versions prior to 131.0.6778.204 Google Chrome versions prior to 131.0.6778.204 Microsoft Edge (affected versions not specified) **Description** A vulnerability exists in the V8 JavaScript engine used by Google Chrome and Microsoft Edge browsers. This vulnerability is an out-of-bounds write issue that occurs during the processing of HTML content. Successful exploitation could allow a remote attacker to execute arbitrary code, cause a denial of service, or potentially gain further control over the affected system. Recent reports indicate that exploitation of this vulnerability, specifically CVE-2025-6554 (a use-after-free bug within V8), is actively occurring in the wild. A related vulnerability, CVE-2024-12695, allowed arbitrary read and write operations in memory through the `Object.assign()` function and was also actively exploited. **Recommendations** Chromium versions prior to 131.0.6778.204: Upgrade to version 131.0.6778.204 or later. Google Chrome versions prior to 131.0.6778.204: Upgrade to version 131.0.6778.204 or later. Microsoft Edge (affected versions not specified): Upgrade to the latest available version.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 131.0.6778.204 **Description** The issue is related to an out of bounds memory access in the V8 JavaScript engine, which can allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This can potentially lead to arbitrary code execution or denial of service. The severity of this issue is considered high. **Recommendations** For Google Chrome versions prior to 131.0.6778.204, update to version 131.0.6778.204 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.