David Sievers

**Name of the Vulnerable Software and Affected Versions** Google Chrome on Android versions prior to 149.0.7827.53 **Description** A use after free issue in WebShare allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML page. Use after free is a memory corruption flaw that occurs when an application continues to use a pointer after it has been freed. **Recommendations** Update to version 149.0.7827.53 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 125.0.6422.76 **Description** The issue is related to a heap buffer overflow in the ANGLE library used by Google Chrome, allowing a remote attacker to perform an out of bounds memory read via a crafted HTML page. This can potentially lead to the execution of arbitrary code. The vulnerability is associated with a type confusion error that can be activated on a specially crafted malicious HTML page. **Recommendations** For Google Chrome versions prior to 125.0.6422.76, update to version 125.0.6422.76 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted HTML pages that could exploit the heap buffer overflow in the ANGLE library. Restrict access to potentially malicious web content to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 108.0.5359.71 Microsoft Edge (affected versions not specified) **Description** The issue is related to insufficient policy enforcement in the Popup Blocker, allowing a remote attacker to bypass navigation restrictions through a crafted HTML page. This could potentially impact the integrity of data. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For Google Chrome versions prior to 108.0.5359.71, update to version 108.0.5359.71 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until a patch is available.