Barath Stalin K

**Name of the Vulnerable Software and Affected Versions** Firefox for iOS versions prior to 151.1 **Description** Firefox for iOS incorrectly displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) within link preview UI surfaces. A crafted RTL hostname could visually reorder parts of the displayed domain, potentially making attacker-controlled sites appear as trusted origins. **Recommendations** Update to version 151.1.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 146.0.7680.71 **Description** A flaw in the WebAppInstalls component of Google Chrome allowed a remote attacker to perform UI spoofing through a specially crafted HTML page. The Chromium security severity is rated as Medium. **Recommendations** Update Google Chrome to version 146.0.7680.71 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 146.0.7680.71 **Description** An incorrect security user interface in the PictureInPicture feature in Google Chrome prior to version 146.0.7680.71 allowed a remote attacker to perform UI spoofing through a crafted HTML page. The Chromium security severity is rated as Low. The attack involves manipulating an HTML page to create a deceptive user interface within the PictureInPicture mode. **Recommendations** Update Google Chrome to version 146.0.7680.71 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 146.0.7680.71 **Description** A flaw exists in Google Chrome's DevTools due to insufficient policy enforcement. This allows a remote attacker to bypass navigation restrictions by using a specially crafted HTML page. The Chromium security severity is rated as Low. **Recommendations** Update Google Chrome to version 146.0.7680.71 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge for iOS (affected versions not specified) **Description** The issue involves a user interface misrepresentation of critical information in Microsoft Edge for iOS, allowing an unauthorized attacker to perform spoofing over a network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.