David Manouchehri

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 102.0.5005.115 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free in WebGPU, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could lead to arbitrary code execution or denial of service. **Recommendations** For Google Chrome versions prior to 102.0.5005.115, update to version 102.0.5005.115 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 88.0.4324.96 Description: The issue is related to an uninitialized use in the USB component of Google Chrome, which can lead to out of bounds memory access. This could potentially allow a local attacker to impact the integrity, confidentiality, and availability of protected information via a USB device. Recommendations: For Google Chrome versions prior to 88.0.4324.96, update to version 88.0.4324.96 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 81.0.4044.92 **Description** The issue is related to an out of bounds write in V8, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. **Recommendations** For versions prior to 81.0.4044.92, update to version 81.0.4044.92 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 80.0.3987.149 **Description** The issue is related to a use after free error in WebGL, which can be exploited by a remote attacker to potentially access confidential data, compromise data integrity, and cause a denial of service. This can be achieved via a crafted HTML page, allowing the attacker to exploit heap corruption. **Recommendations** For versions prior to 80.0.3987.149, update to version 80.0.3987.149 or later to resolve the issue. As a temporary workaround, consider disabling WebGL until a patch is available. Restrict access to potentially malicious HTML pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Hitron devices (affected versions not specified) **Description** The issue allows attackers to obtain sensitive information by decrypting a backup configuration file. This is possible because the devices use a shared DES key, 578A958E3DD933FC, across different customers' installations. The `um auth account password` field contains a password hash that can be accessed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Valve Steam Link build 643 **Description** The issue is related to the use of the DES cryptographic protocol, which truncates root passwords longer than 8 characters. This could allow a remote attacker to gain access to the device with root privileges. **Recommendations** For Valve Steam Link build 643, consider changing the default password algorithm setting from DES to a more secure option to prevent password truncation. As a temporary workaround, restrict root account access and use strong passwords that are 8 characters or less until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.