Danny Y. Huang

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 68.0.3440.75 **Description** The issue is related to an information leak in the media engine of Google Chrome, which can be exploited by a remote attacker using a crafted HTML page. This allows the attacker to obtain potentially sensitive information from process memory. The vulnerability is also related to the Blink web page display mechanism and involves bypassing the Cross-origin resource sharing (CORS) mechanism, potentially allowing unauthorized access to protected information. **Recommendations** For Google Chrome versions prior to 68.0.3440.75, update to version 68.0.3440.75 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted HTML pages that could exploit the vulnerability in the media engine. Restrict access to sensitive information to minimize the risk of exploitation until the update is applied.