Eran Rom

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 149.0.7827.53 **Description** Insufficient validation of untrusted input in WebAppInstalls allows a remote attacker who has compromised the renderer process to leak cross-origin data through a crafted HTML page. **Recommendations** Update to version 149.0.7827.53 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 133.0.6943.126 **Description** The issue allows a remote attacker to potentially exploit heap corruption via a crafted web app, due to a use after free in the Network component. The severity of this issue is classified as Medium by Chromium. **Recommendations** For versions prior to 133.0.6943.126, update to version 133.0.6943.126 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted web apps to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 107.0.5304.62 Microsoft Edge (affected versions not specified) **Description** The issue is related to the use of memory after it has been freed, which can be exploited by an attacker to potentially cause a denial of service. This can be achieved by convincing a user to install a specially crafted extension, allowing the attacker to exploit heap corruption. The estimated number of potentially affected devices and details about real-world incidents are not provided. **Recommendations** For Google Chrome versions prior to 107.0.5304.62, update to version 107.0.5304.62 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.