Ahmed Elmasry

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (Chromium-based) (affected versions not specified) **Description** The issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 132.0.6834.83 Microsoft Edge (affected versions not specified) **Description** The issue is related to an inappropriate implementation in the Payments component of Google Chrome and Microsoft Edge, allowing a remote attacker to bypass authentication via spoofing. This can enable the attacker to perform UI spoofing using a crafted HTML page, potentially allowing them to bypass existing security restrictions. The attacker must convince the user to engage in specific UI gestures. **Recommendations** For Google Chrome versions prior to 132.0.6834.83, update to version 132.0.6834.83 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the Payments component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 124.0.6367.60 Microsoft Edge (affected versions not specified) **Description** The issue is related to insufficient policy enforcement in Site Isolation, which can be exploited by a remote attacker to bypass navigation restrictions via a crafted HTML page. This could allow the attacker to access confidential information. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For Google Chrome versions prior to 124.0.6367.60, update to version 124.0.6367.60 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 124.0.6367.60 **Description** The issue is related to an inappropriate implementation in Prompts, which may allow a remote attacker to perform UI spoofing via a crafted HTML page if a user is convinced to engage in specific UI gestures. This could potentially lead to the exposure of confidential information. **Recommendations** For Google Chrome versions prior to 124.0.6367.60, update to version 124.0.6367.60 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted HTML pages that could exploit this issue until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 121.0.6167.85 Microsoft Edge (affected versions not specified) **Description** The issue is related to an inappropriate implementation in the Autofill feature, allowing a remote attacker to bypass Autofill restrictions via a crafted HTML page. This could potentially impact the integrity of data. The estimated number of potentially affected devices and details about real-world incidents are not provided. **Recommendations** For Google Chrome versions prior to 121.0.6167.85, update to version 121.0.6167.85 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (Chromium-based) (affected versions not specified) **Description** The issue is related to errors in presenting information to the user interface, which can allow a remote attacker to conduct spoofing attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 118.0.5993.70 **Description** The issue is related to an inappropriate implementation in the Autofill feature of Google Chrome, which may allow a remote attacker to bypass autofill restrictions. This can be achieved by loading a specially crafted HTML page, potentially affecting the integrity of protected information. **Recommendations** For versions prior to 118.0.5993.70, update to version 118.0.5993.70 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Autofill feature until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome on Android versions prior to 117.0.5938.62 **Description** The issue is related to an inappropriate implementation in Custom Mobile Tabs, allowing a remote attacker to spoof security UI via a crafted HTML page. This could enable an attacker to manipulate the user interface, potentially leading to security issues. The severity of this issue is classified as Medium. **Recommendations** For Google Chrome on Android versions prior to 117.0.5938.62, update to version 117.0.5938.62 or later to resolve the issue. As a temporary workaround, consider restricting access to Custom Mobile Tabs until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 117.0.5938.62 **Description** The issue is related to insufficient policy enforcement in the Autofill feature of Google Chrome, allowing a remote attacker to bypass Autofill restrictions via a crafted HTML page. This could potentially lead to security breaches. The severity of this issue is classified as Low by Chromium. **Recommendations** For versions prior to 117.0.5938.62, update to version 117.0.5938.62 or later to resolve the issue. As a temporary workaround, consider disabling the Autofill feature until a patch is available. Restrict access to potentially vulnerable HTML pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 120.0.6099.62 **Description** The issue is related to an inappropriate implementation in the Autofill feature of Google Chrome, allowing a remote attacker to bypass Autofill restrictions via a crafted HTML page. This could enable an attacker to gain unauthorized access to protected information. The severity of this issue is classified as Low by Chromium. **Recommendations** For Google Chrome versions prior to 120.0.6099.62, update to version 120.0.6099.62 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Autofill feature until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 115.0.5790.98 **Description** The issue is related to an inappropriate implementation in Web API Permission Prompts in Google Chrome, which may allow a remote attacker to obfuscate security UI via a crafted HTML page. This could potentially lead to the attacker gaining access to confidential information. **Recommendations** For versions prior to 115.0.5790.98, update to version 115.0.5790.98 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted HTML pages that could exploit the vulnerability in Web API Permission Prompts.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (Chromium-based) (affected versions not specified) **Description** The issue is related to a security feature bypass in Microsoft Edge, where an attacker can exploit it to bypass security restrictions and perform cross-site scripting attacks using a specially crafted malicious web page. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 111.0.5563.64 **Description** The issue is related to insufficient policy enforcement in the Extensions API, allowing an attacker to bypass navigation restrictions by convincing a user to install a malicious extension. This can be achieved via a crafted Chrome Extension. **Recommendations** For versions prior to 111.0.5563.64, update to version 111.0.5563.64 or later to resolve the issue. As a temporary workaround, consider restricting the installation of extensions to trusted sources until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 110.0.5481.77 **Description** The issue is related to the implementation of full screen mode in Google Chrome, specifically concerning errors in data type mixing. This can be exploited by a remote attacker using a specially crafted HTML page to alter the user interface content. The attacker can spoof the security UI, potentially deceiving users. **Recommendations** For versions prior to 110.0.5481.77, update to version 110.0.5481.77 or later to resolve the issue. As a temporary workaround, consider restricting the use of full screen mode until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (Chromium-based) (affected versions not specified) **Description** The issue is related to a security feature bypass vulnerability in Microsoft Edge, which is associated with errors in security settings. An attacker could exploit this vulnerability to disclose protected information using a specially crafted link. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 113.0.5672.126 **Description** The issue is related to an inappropriate implementation in WebApp Installs, allowing an attacker to bypass security restrictions. This can be achieved by convincing a user to install a malicious web app via a crafted HTML page. The attacker, acting remotely, can exploit this to bypass the install dialog. **Recommendations** For versions prior to 113.0.5672.126, update to version 113.0.5672.126 or later to resolve the issue. As a temporary workaround, consider restricting the installation of web apps to minimize the risk of exploitation. Avoid using crafted HTML pages that could bypass the install dialog until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Google Chrome for Android versions prior to 111.0.5563.64 **Description** The issue is related to insufficient policy enforcement in the Autofill function of Google Chrome for Android. This can be exploited by a remote attacker using a specially crafted HTML page to gain unauthorized access to protected information, potentially leaking cross-origin data. **Recommendations** For versions prior to 111.0.5563.64, update to version 111.0.5563.64 or later to resolve the issue. As a temporary workaround, consider disabling the Autofill function until a patch is available. Restrict access to sensitive information when using Google Chrome for Android on affected versions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (Chromium-based) (affected versions not specified) **Description** The issue is related to a spoofing vulnerability in Microsoft Edge and Google Chrome browsers, stemming from inadequate protection of web page structure. This could allow a remote attacker to conduct spoofing attacks by opening a specially crafted malicious file or link. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 108.0.5359.71 Microsoft Edge (affected versions not specified) **Description** The issue is related to insufficient policy enforcement in Autofill, allowing a remote attacker to bypass autofill restrictions via a crafted HTML page. This can be achieved by exploiting a vulnerability related to the use of memory after it has been freed, potentially impacting data integrity. **Recommendations** For Google Chrome versions prior to 108.0.5359.71, update to version 108.0.5359.71 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.