Heapracer

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 149.0.7827.53 **Description** Insufficient data validation in the Animation component allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. **Recommendations** Update to version 149.0.7827.53 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 148.0.7778.96 **Description** An out of bounds read in WebCodecs allows a remote attacker to perform an out of bounds memory read by using a crafted video file. **Recommendations** Update to version 148.0.7778.96 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 147.0.7727.138 **Description** A use after free issue in Canvas allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This flaw has been exploited in real-world incidents. **Recommendations** Update to version 147.0.7727.138 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 146.0.7680.178 **Description** A use after free issue exists in the WebCodecs component. This occurs when a program continues to use a pointer after it has been freed, which can lead to memory corruption. A remote attacker can exploit this by using a crafted HTML page to execute arbitrary code inside a sandbox or cause a denial of service. **Recommendations** Update to version 146.0.7680.178 or later.

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 146.0.7680.178 Description A flaw exists in the WebGL implementation of Google Chrome that could allow a remote attacker to access sensitive information from process memory through a specially crafted HTML page. Recommendations Update Google Chrome to version 146.0.7680.178 or later.

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 146.0.7680.178 Description An integer overflow existed in the Codecs component of Google Chrome. This allowed a remote attacker to potentially perform arbitrary read/write operations through a specially crafted HTML page. Recommendations Update Google Chrome to version 146.0.7680.178 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 146.0.7680.153 **Description** A use-after-free issue exists in the Network component of Google Chrome. This flaw could allow a remote attacker to exploit heap corruption through a specially crafted HTML page. The Chromium security severity is rated as High. **Recommendations** Update Google Chrome to version 146.0.7680.153 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 146.0.7680.153 **Description** An out-of-bounds read issue exists in the Blink renderer of Google Chrome. This allows a remote attacker to perform an out-of-bounds memory read through a specially crafted HTML page. The Chromium security severity is rated as High. **Recommendations** Update Google Chrome to version 146.0.7680.153 or later.