Clement Lecigne

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 137.0.7151.68 Microsoft Edge versions prior to 137.0.7151.68 Opera versions prior to 119.0.5497.70 Opera GX versions prior to 119.0.5497.68 Chromium versions prior to 137.0.7151.68 **Description** Google Chrome, Microsoft Edge, Opera, and Opera GX are affected by a high-severity zero-day vulnerability (CVE-2025-5419) in the V8 JavaScript engine. This vulnerability is an out-of-bounds read and write flaw that allows a remote attacker to potentially execute arbitrary code, leading to heap corruption via a crafted HTML page. The vulnerability is actively exploited in the wild. Attackers can exploit this flaw by luring victims to malicious websites. The vulnerability affects the V8 JavaScript and WebAssembly engine. **Recommendations** Google Chrome versions prior to 137.0.7151.68: Update to version 137.0.7151.68 or later. Microsoft Edge versions prior to 137.0.7151.68: Update to version 137.0.7151.68 or later. Opera versions prior to 119.0.5497.70: Update to version 119.0.5497.70 or later. Opera GX versions prior to 119.0.5497.68: Update to version 119.0.5497.68 or later. Chromium versions prior to 137.0.7151.68: Update to version 137.0.7151.68 or later.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a weakness in the Linux kernel's network, specifically in the ` dst negative advice()` function, which does not enforce proper RCU rules when `sk->dst cache` must be cleared, leading to possible use-after-free (UAF). This could allow remote code execution with system execution privileges needed, and user interaction is not required for exploitation. The vulnerability has been actively exploited in real-world scenarios, posing a severe risk to Android users. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 17.1.2 iPadOS versions prior to 17.1.2 macOS Sonoma versions prior to 14.1.2 Safari versions prior to 17.1.2 **Description** A memory corruption issue was addressed with improved locking, which may lead to arbitrary code execution when processing web content. This issue is reportedly exploited against versions of iOS before iOS 16.7.1. The vulnerability is caused by a buffer overflow in the WebKit module, allowing an attacker to execute arbitrary code. **Recommendations** For iOS versions prior to 17.1.2, update to iOS 17.1.2 or later. For iPadOS versions prior to 17.1.2, update to iPadOS 17.1.2 or later. For macOS Sonoma versions prior to 14.1.2, update to macOS Sonoma 14.1.2 or later. For Safari versions prior to 17.1.2, update to Safari 17.1.2 or later. As a temporary workaround, consider restricting access to web content to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 17.1.2 iPadOS versions prior to 17.1.2 macOS Sonoma versions prior to 14.1.2 Safari versions prior to 17.1.2 **Description** The issue is related to an out-of-bounds read in the WebKit web browser engine, which may allow an attacker to disclose sensitive information when processing web content. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. **Recommendations** For iOS versions prior to 17.1.2, update to iOS 17.1.2 or later. For iPadOS versions prior to 17.1.2, update to iPadOS 17.1.2 or later. For macOS Sonoma versions prior to 14.1.2, update to macOS Sonoma 14.1.2 or later. For Safari versions prior to 17.1.2, update to Safari 17.1.2 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office and Windows versions (affected versions not specified) **Description** This issue is a remote code execution vulnerability affecting Microsoft Office and Windows systems. It stems from flaws in how input data is processed, specifically related to Office and Windows HTML. Successful exploitation allows attackers to execute arbitrary code remotely, potentially impacting the system. The vulnerability has been actively exploited in the wild by threat actors, including the RomCom (Storm-0978) group, who have used it to deploy Underground Ransomware. The vulnerability allows attackers to bypass Mark of the Web (MOTW) defenses. The exploitation involves a complex chain, potentially utilizing .search-ms files and CHM files. The vulnerability was initially identified as CVE-2023-36884 and has been exploited in targeted attacks against organizations in Europe and North America. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. The issue is related to missing locks in `SNDRV CTL IOCTL ELEM {READ|WRITE}32` that can be used in a use-after-free, resulting in a privilege escalation to gain ring0 access from the system user. The vulnerability can be exploited to cause a denial of service and gain unauthorized access to protected information. It has been found exploited in the wild, affecting Linux systems. **Recommendations** To resolve the issue, upgrade past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e. As a temporary workaround, consider restricting access to the vulnerable `SNDRV CTL IOCTL ELEM {READ|WRITE}32` API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 108.0.5359.94 **Description** The issue is related to a type confusion vulnerability in the V8 JavaScript engine of Google Chrome, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability has been exploited in the wild, and its severity is considered high. The vulnerability exists in how V8 handles the parsing of class static blocks within arrow function heads, particularly with the 'this' keyword. It leverages bytecode flushing for exploitation and is a non-trivial feedback slot type confusion in V8. **Recommendations** For Google Chrome versions prior to 108.0.5359.94, update to version 108.0.5359.94 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 107.0.5304.121 **Description** The issue is related to a heap buffer overflow in the GPU component of Google Chrome, allowing a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The severity of this issue is classified as High by Chromium. This vulnerability can be exploited by a remote attacker, potentially leading to a sandbox escape. **Recommendations** For Google Chrome versions prior to 107.0.5304.121, update to version 107.0.5304.121 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable GPU components until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome on Android versions prior to 95.0.4638.69 **Description** The issue is related to insufficient validation of untrusted input in Intents, allowing a remote attacker to redirect the browser to a malicious URL via a crafted HTML page. This can be exploited by a remote attacker to gain access to the system. **Recommendations** For Google Chrome on Android versions prior to 95.0.4638.69, update to version 95.0.4638.69 or later to resolve the issue. As a temporary workaround, consider restricting access to untrusted HTML pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 91.0.4472.101 **Description** The issue is related to a type confusion in V8, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability is caused by incorrect type handling in the JavaScript engine V8. It has been reported that this vulnerability was exploited in real-world attacks. **Recommendations** For Google Chrome versions prior to 91.0.4472.101, update to version 91.0.4472.101 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted HTML pages that could exploit the type confusion vulnerability in V8. Restrict access to potentially vulnerable web pages to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Apple iOS versions prior to 12.5.2 Apple iOS versions prior to 14.4.2 Apple iPadOS versions prior to 14.4.2 Apple watchOS versions prior to 7.3.3 Description: This issue is related to the WebKit module in Apple's operating systems, which may allow a remote attacker to perform cross-site scripting attacks by processing maliciously crafted web content. Apple is aware of a report that this issue may have been actively exploited. The estimated number of potentially affected devices worldwide is not specified. Recommendations: For Apple iOS versions prior to 12.5.2, update to iOS 12.5.2 or later. For Apple iOS versions prior to 14.4.2, update to iOS 14.4.2 or later. For Apple iPadOS versions prior to 14.4.2, update to iPadOS 14.4.2 or later. For Apple watchOS versions prior to 7.3.3, update to watchOS 7.3.3 or later.

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 14.4.1 iPadOS versions prior to 14.4.1 Safari versions prior to 14.0.3 watchOS versions prior to 7.3.2 macOS Big Sur versions prior to 11.2.3 Description: A memory corruption issue was addressed with improved validation. Processing maliciously crafted web content may lead to arbitrary code execution. The issue is related to insufficient input validation in the WebKit module used by the Safari browser, which could allow a remote attacker to execute arbitrary code using a specially crafted malicious web page. Recommendations: For iOS versions prior to 14.4.1, update to iOS 14.4.1 or later. For iPadOS versions prior to 14.4.1, update to iPadOS 14.4.1 or later. For Safari versions prior to 14.0.3, update to Safari 14.0.3 or later. For watchOS versions prior to 7.3.2, update to watchOS 7.3.2 or later. For macOS Big Sur versions prior to 11.2.3, update to macOS Big Sur 11.2.3 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 80.0.3987.122 **Description** The issue is related to a type confusion in the V8 engine of Google Chrome, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could lead to arbitrary code execution. The vulnerability has been reportedly exploited in real-world incidents, including a case where it was used to achieve remote code execution on a Tesla Model 3. **Recommendations** For versions prior to 80.0.3987.122, update to version 80.0.3987.122 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages or disabling JavaScript execution in untrusted contexts until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.1.4 macOS Mojave versions prior to 10.14.3 Supplemental Update **Description** A memory corruption issue was addressed with improved input validation, allowing an application to potentially gain elevated privileges. The issue is related to a buffer overflow in dynamic memory. **Recommendations** For iOS versions prior to 12.1.4, update to iOS 12.1.4 or later to resolve the issue. For macOS Mojave versions prior to 10.14.3 Supplemental Update, apply the macOS Mojave 10.14.3 Supplemental Update to fix the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.1.4 **Description** A memory corruption issue was addressed with improved input validation, allowing an application to potentially execute arbitrary code with kernel privileges. The issue is related to a buffer overflow in dynamic memory. **Recommendations** For iOS versions prior to 12.1.4, update to iOS 12.1.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer versions 9 through 11 **Description** The issue is caused by a memory corruption vulnerability in the scripting engine of Internet Explorer, allowing a remote attacker to execute arbitrary code with the help of a specially crafted web page. This could lead to the corruption of memory, enabling an attacker to execute code in the context of the current user. If the current user has administrative rights, the attacker could gain control of the affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Internet Explorer versions 9 through 11, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VideoLAN VLC media player versions 0.9.0 through 1.1.12 **Description** The issue is related to a double free vulnerability in the `get chunk header` function. This vulnerability allows remote attackers to cause a denial of service, resulting in the application crashing, and possibly execute arbitrary code via a crafted TiVo file. **Recommendations** For versions 0.9.0 through 1.1.12, consider updating to a version that contains a fix for this issue, as using a crafted TiVo file could lead to a denial of service or arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** linux-image-2.6.26-1-alpha-smp versions 2.6.26-1 linux-image-2.6.26-1-vserver-powerpc64 versions 2.6.26-1 linux-image-2.6.26-1-vserver-itanium versions 2.6.26-1 linux-headers-2.6.26-1-powerpc versions 2.6.26-1 linux-image-2.6.26-1-r4k-ip22 versions 2.6.26-1 kernel-s390-debug versions 2.6.26-1 kexec-tools versions 2.6.26-1 linux-image-2.6.26-1-vserver-amd64 versions 2.6.26-1 linux-headers-2.6.26-1-itanium versions 2.6.26-1 linux-headers-2.6.26-1-all-i386 versions 2.6.26-1 linux-image-2.6.26-1-mckinley versions 2.6.26-1 linux-image-2.6.26-1-vserver-686-bigmem versions 2.6.26-1 um-host-install-initrd versions 2.6.26-1 kernel-iseries64-debuginfo versions 2.6.26-1 linux-headers-2.6.26-1-vserver-amd64 versions 2.6.26-1 linux-headers-2.6.26-1-all-mipsel versions 2.6.26-1 linux-headers-2.6.26-1-vserver-s390x versions 2.6.26-1 module-init-tools-debugsource versions 2.6.26-1 linux-image-2.6.26-1-powerpc-smp versions 2.6.26-1 linux-headers-2.6.26-1-all-amd64 versions 2.6.26-1 linux-headers-2.6.26-1-parisc versions 2.6.26-1 acerhk-kmp-debug versions 2.6.26-1 kernel-sn2 versions 2.6.26-1 linux-headers-2.6.26-1-common-openvz versions 2.6.26-1 kernel-xen-base versions 2.6.26-1 linux-headers-2.6.26-1-all-alpha versions 2.6.26-1 linux-headers-2.6.26-1-r4k-ip22 versions 2.6.26-1 linux-headers-2.6.26-1-mckinley versions 2.6.26-1 linux-headers-2.6.26-1-openvz-686 versions 2.6.26-1 linux-headers-2.6.26-1-vserver-686 versions 2.6.26-1 gspcav-kmp-debug versions 2.6.26-1 nouveau-kmp-debug versions 2.6.26-1 kernel-bigsmp-debuginfo versions 2.6.26-1 module-init-tools-debuginfo versions 2.6.26-1 linux-image-2.6.26-1-4kc-malta versions 2.6.26-1 linux-image-2.6.26-1-486 versions 2.6.26-1 linux-image-2.6.26-1-parisc-smp versions 2.6.26-1 linux-headers-2.6.26-1-all versions 2.6.26-1 linux-headers-2.6.26-1-s390x versions 2.6.26-1 linux-headers-2.6.26-1-sparc64-smp versions 2.6.26-1 kernel-pseries64 versions 2.6.26-1 linux-image-2.6.26-1-vserver-powerpc versions 2.6.26-1 module-init-tools versions 2.6.26-1 kernel-pmac64 versions 2.6.26-1 linux-headers-2.6.26-1-parisc64-smp versions 2.6.26-1 kernel-s390x-debug versions 2.6.26-1 linux-image-2.6.26-1-sb1-bcm91250a versions 2.6.26-1 linux-headers-2.6.26-1-vserver-mckinley versions 2.6.26-1 linux-headers-2.6.26-1-all-ia64 versions 2.6.26-1 kernel-ec2-base versions 2.6.26-1 linux-image-2.6.26-1-vserver-sparc64 versions 2.6.26-1 ext4dev-kmp-default versions 2.6.26-1 linux-headers-2.6.26-1-all-hppa versions 2.6.26-1 linux-image-2.6.26-1-parisc64-smp versions 2.6.26-1 um-host-kernel versions 2.6.26-1 linux-headers-2.6.26-1-all-arm versions 2.6.26-1 linux-image-2.6.26-1-s390-tape versions 2.6.26-1 ocfs2-kmp-xen versions 2.6.26-1 linux-headers-2.6.26-1-4kc-malta versions 2.6.26-1 linux-headers-2.6.26-1-parisc-smp versions 2.6.26-1 kernel-um versions 2.6.26-1 kernel-default-extra versions 2.6.26-1 kernel-s390 versions 2.6.26-1 linux-headers-2.6.26-1-openvz-amd64 versions 2.6.26-1 linux-image-2.6.26-1-alpha-legacy versions 2.6.26-1 linux-image-2.6.26-1-openvz-686 versions 2.6.26-1 linux-headers-2.6.26-1-vserver-powerpc versions 2.6.26-1 linux-headers-2.6.26-1-s390 versions 2.6.26-1 linux-image-2.6.26-1-xen-686 versions 2.6.26-1 linux-headers-2.6.26-1-common versions 2.6.26-1 kernel-ppc64-debugsource versions 2.6.26-1 linux-image-2.6.26-1-686-bigmem versions 2.6.26-1 kernel-xenpae-debuginfo versions 2.6.26-1 linux-headers-2.6.26-1-sb1a-bcm91480b versions 2.6.26-1 linux-image-2.6.26-1-s390x versions 2.6.26-1 linux-image-2.6.26-1-parisc versions 2.6.26-1 **Description** The issue is related to multiple vulnerabilities in various Linux kernel packages. These vulnerabilities can be exploited remotely, potentially leading to a violation of confidentiality, integrity, and availability of protected information. The sock getsockopt function in the Linux kernel does not initialize a certain structure member, allowing local users to obtain potentially sensitive information from kernel memory via an SO BSDCOMPAT getsockopt request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.