Big Sleep

**Name of the Vulnerable Software and Affected Versions** WebKit versions prior to 18.7.2 **Description** A buffer overflow exists in the WebKit web page rendering module of iOS and iPadOS. This issue is due to insufficient bounds checking when processing data. Successful exploitation could allow a remote attacker to cause a denial-of-service condition, potentially leading to an unexpected process crash. Google’s AI-powered cybersecurity agent, Big Sleep, discovered this issue. **Recommendations** Update to version 18.7.2 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.2 iPadOS versions prior to 18.7.2 watchOS versions prior to 26.1 Safari versions prior to 26.1 visionOS versions prior to 26.1 **Description** A use-after-free issue existed due to improper memory management. Processing maliciously crafted web content may lead to an unexpected Safari crash. **Recommendations** Update to iOS version 18.7.2 or later. Update to iPadOS version 18.7.2 or later. Update to watchOS version 26.1 or later. Update to Safari version 26.1 or later. Update to visionOS version 26.1 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 139.0.7258.138 **Description** An out-of-bounds write issue exists in the V8 JavaScript engine. This flaw allows a remote attacker to potentially exploit heap corruption—a condition where memory allocated in the heap is overwritten beyond its intended boundary—via a specially crafted HTML page. Successful exploitation could lead to arbitrary code execution, denial of service, or information disclosure. **Recommendations** Update Google Chrome to version 139.0.7258.138 or higher.