Cassidy6564

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 148.0.7778.168 **Description** A heap buffer overflow in SwiftShader allows a remote attacker to perform an out-of-bounds memory read by using a crafted HTML page. A heap buffer overflow occurs when a program writes more data to a heap-allocated memory block than it can hold, potentially allowing access to adjacent memory locations. **Recommendations** Update to version 148.0.7778.168 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 130.0.6723.92 Microsoft Edge versions prior to the fixed version (affected versions not specified) **Description** The issue is related to a use-after-free vulnerability in the implementation of WebRTC technology in Google Chrome and Microsoft Edge browsers. This vulnerability can be exploited by a remote attacker using a specially crafted HTML page, potentially allowing them to impact the confidentiality, integrity, and availability of data. The vulnerability is associated with heap corruption. **Recommendations** For Google Chrome versions prior to 130.0.6723.92, update to version 130.0.6723.92 or later to resolve the issue. For Microsoft Edge, apply the latest security update that fixes the WebRTC vulnerability. As a temporary workaround, consider restricting access to WebRTC functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 128.0.6613.119 **Description** The issue is related to an out of bounds write in the V8 JavaScript engine of Google Chrome and Microsoft Edge browsers. This can allow a remote attacker to potentially exploit heap corruption via a crafted HTML page, impacting the confidentiality, integrity, and availability of protected information. **Recommendations** For Google Chrome versions prior to 128.0.6613.119, update to version 128.0.6613.119 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted HTML pages that could exploit the out of bounds write vulnerability in the V8 engine.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 127.0.6533.99 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free in the WebAudio component, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could enable the attacker to execute arbitrary code. The estimated number of potentially affected devices is not specified. **Recommendations** For Google Chrome versions prior to 127.0.6533.99, update to version 127.0.6533.99 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 128.0.6613.119 **Description** The issue is related to a use after free flaw in the WebAudio component, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could impact the confidentiality, integrity, and availability of protected information. The severity of this issue is considered high. **Recommendations** For Google Chrome versions prior to 128.0.6613.119, update to version 128.0.6613.119 or later to resolve the issue. As a temporary workaround, consider avoiding the use of WebAudio in Google Chrome until the update is applied.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 126.0.6478.126 Microsoft Edge (affected versions not specified) Description: The issue is related to a use after free vulnerability in the SwiftShader library, which can be exploited by a remote attacker using a specially crafted HTML page, potentially leading to heap corruption and allowing the execution of arbitrary code. Recommendations: For Google Chrome versions prior to 126.0.6478.126, update to version 126.0.6478.126 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 125.0.6422.141 Microsoft Edge (affected versions not specified) **Description** The issue is related to a heap buffer overflow in the WebRTC implementation of Google Chrome and Microsoft Edge, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Google Chrome versions prior to 125.0.6422.141, update to version 125.0.6422.141 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 124.0.6367.155 Microsoft Edge (affected versions not specified) **Description** The issue is related to a heap buffer overflow in the WebAudio component, which can be exploited by a remote attacker to potentially execute arbitrary code. This can be achieved via a crafted HTML page, allowing for heap corruption. The `RADH::OnRenderError` function call is involved, assuming the validity of the associated `AudioContext` and accessing GC-managed objects. **Recommendations** For Google Chrome versions prior to 124.0.6367.155, update to version 124.0.6367.155 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 125.0.6422.141 Microsoft Edge (affected versions not specified) Description: The issue is related to a use after free vulnerability in the Media Session API implementation. This could allow a remote attacker to execute arbitrary code by loading a specially crafted HTML page. The estimated number of potentially affected devices is not specified. Recommendations: For Google Chrome versions prior to 125.0.6422.141, update to version 125.0.6422.141 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A use-after-free issue existed in the Navigation component of Google Chrome. This allowed a remote attacker to potentially execute arbitrary code within a sandbox environment by using a specially crafted HTML page. The Chromium security severity is rated as Medium. Recommendations Update Google Chrome to version 147.0.7727.55 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 123.0.6312.86 **Description** The issue is related to a use after free vulnerability in the ANGLE library of Google Chrome, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability has been reported as having an exploit in the wild and is considered critical by Chromium. **Recommendations** For Google Chrome versions prior to 123.0.6312.86, update to version 123.0.6312.86 or later to address the vulnerability. As a temporary workaround, consider restricting access to potentially vulnerable API endpoints until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 123.0.6312.58 **Description** The issue is related to an out of bounds read in Swiftshader, a library used by Google Chrome. This allows a remote attacker to perform out of bounds memory access via a crafted HTML page, potentially leading to unauthorized access to protected information. The severity of this issue is classified as Medium by Chromium security. **Recommendations** For versions prior to 123.0.6312.58, update to version 123.0.6312.58 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted HTML pages that could exploit the out of bounds read in Swiftshader until a patch is applied.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 122.0.6261.57 Description: The issue is related to a use after free in DevTools, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could enable the attacker to execute arbitrary code. The severity of this issue is considered medium. Recommendations: For versions prior to 122.0.6261.57, update to version 122.0.6261.57 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 122.0.6261.57 **Description** The issue is related to a use after free vulnerability in the Mojo library of Google Chrome, which can lead to heap corruption. This can potentially allow a remote attacker to execute arbitrary code by exploiting the vulnerability via a crafted HTML page. **Recommendations** For versions prior to 122.0.6261.57, update to version 122.0.6261.57 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 110.0.5481.77 **Description** The issue is related to a use after free in the GPU, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. **Recommendations** For versions prior to 110.0.5481.77, update to version 110.0.5481.77 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 109.0.5414.119 **Description** The issue is related to a use after free in WebTransport, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could lead to arbitrary code execution. The severity of this issue is considered high. **Recommendations** For versions prior to 109.0.5414.119, update to version 109.0.5414.119 or later to resolve the issue. As a temporary workaround, consider restricting access to WebTransport until a patch is applied.