86Ac1F1587B71893Ed2Ad792Cd7Dde32

**Name of the Vulnerable Software and Affected Versions** Google Chrome on Android versions prior to 149.0.7827.53 **Description** Insufficient validation of untrusted input in the Drag and Drop feature allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. A sandbox escape is a technique used to break out of a restricted environment to gain unauthorized access to the underlying system. **Recommendations** Update to version 149.0.7827.53 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 146.0.7680.178 Chromium-based browsers (affected versions not specified) **Description** A use-after-free issue exists in Dawn, the WebGPU layer of Chromium. This flaw can be triggered by a remote attacker using a specially crafted HTML page. If the attacker has already compromised the renderer process, they can achieve arbitrary code execution. This issue has been observed in real-world attacks and is often used as part of multi-stage exploit chains to escape the browser sandbox and compromise the host system. **Recommendations** Update to version 146.0.7680.178 or later. Apply vendor-specific updates for other Chromium-based browsers. As a temporary workaround, consider disabling WebGPU or hardware acceleration and restrict access to untrusted web content.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 147.0.7727.138 **Description** An integer overflow in ANGLE on Windows allows a remote attacker to perform an out-of-bounds memory read by using a crafted HTML page. An integer overflow occurs when an arithmetic operation attempts to create a numeric value that is too large to be stored in the allocated memory space. **Recommendations** Update to version 147.0.7727.138 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 148.0.7778.96 **Description** Insufficient validation of untrusted input in ANGLE allows a remote attacker who has compromised the renderer process to perform arbitrary read and write operations via a crafted HTML page. **Recommendations** Update to version 148.0.7778.96 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 149.0.7827.53 **Description** An out of bounds read occurs in ANGLE, which is a compatibility layer between OpenGL ES and other graphics APIs. This issue allows a remote attacker who has already compromised the renderer process to obtain potentially sensitive information from process memory by using a crafted HTML page. **Recommendations** Update to version 149.0.7827.53 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 146.0.7680.165 **Description** A use-after-free issue exists in Dawn within Google Chrome. This could allow a remote attacker to potentially perform a sandbox escape through a specially crafted HTML page. **Recommendations** Update Google Chrome to version 146.0.7680.165 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 146.0.7680.165 **Description** A heap buffer overflow exists in the WebGL component of Google Chrome. This issue allows a remote attacker to perform an out-of-bounds memory read through a specially crafted HTML page. The security severity is rated as High. **Recommendations** Update Google Chrome to version 146.0.7680.165 or later.