Gelatin Dessert

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 127.0.6533.88 Microsoft Edge (affected versions not specified) **Description** The issue is related to insufficient data validation in the Dawn component, which can be exploited by a remote attacker to execute arbitrary code via a crafted HTML page. This can be achieved by creating a specially designed HTML page. **Recommendations** For Google Chrome versions prior to 127.0.6533.88, update to version 127.0.6533.88 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 127.0.6533.88 Microsoft Edge (affected versions not specified) **Description** The issue is related to the use of uninitialized variables in the Dawn component, which implements the WebGPU specification. This could allow a remote attacker to potentially perform out of bounds memory access via a crafted HTML page, bypassing the sandbox protection mechanism and executing arbitrary code. The estimated number of potentially affected devices is not specified. **Recommendations** For Google Chrome versions prior to 127.0.6533.88, update to version 127.0.6533.88 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 126.0.6478.54 Microsoft Edge (affected versions not specified) **Description** The issue is related to an inappropriate implementation in the Dawn component, which may allow a remote attacker to execute arbitrary code via a crafted HTML page. This could impact the confidentiality, integrity, and availability of protected information. The attacker can exploit this issue by using a specially crafted HTML page. **Recommendations** For Google Chrome versions prior to 126.0.6478.54, update to version 126.0.6478.54 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 124.0.6367.155 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free flaw in the ANGLE component, which can be exploited by a remote attacker to potentially corrupt the heap via a crafted HTML page. This could allow an attacker to execute arbitrary code. The severity of this issue is considered high. **Recommendations** For Google Chrome versions prior to 124.0.6367.155, update to version 124.0.6367.155 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.