Huang Xilin

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 137.0.7151.103 **Description** A use-after-free vulnerability exists in the Media component of Google Chrome. This vulnerability could allow a remote attacker to exploit heap corruption through a crafted HTML page. Exploitation of this issue may impact the confidentiality, integrity, and availability of affected systems. **Recommendations** Update Google Chrome to version 137.0.7151.103 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 136.0.7103.92 **Description** A Use-After-Free vulnerability in Google Chrome's WebAudio API allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. The vulnerability enables remote attackers to manipulate memory and execute arbitrary code. This issue is particularly dangerous because it does not require any user privileges or extensive user interaction, making it an easy target for cybercriminals. **Recommendations** For Google Chrome versions prior to 136.0.7103.92, update to version 136.0.7103.92 or later to resolve the issue. As a temporary workaround, consider disabling the WebAudio API until a patch is available. Restrict access to the WebAudio component to minimize the risk of exploitation. Avoid using the WebAudio API in affected versions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 16.7.9 iPadOS versions prior to 16.7.9 Safari versions prior to 17.6 iOS versions prior to 17.6 iPadOS versions prior to 17.6 watchOS versions prior to 10.6 tvOS versions prior to 17.6 visionOS versions prior to 1.3 macOS Sonoma versions prior to 14.6 **Description** An out-of-bounds read issue was addressed with improved bounds checking. Processing maliciously crafted web content may lead to an unexpected process crash. **Recommendations** For iOS versions prior to 16.7.9, update to iOS 16.7.9 or later. For iPadOS versions prior to 16.7.9, update to iPadOS 16.7.9 or later. For Safari versions prior to 17.6, update to Safari 17.6 or later. For iOS versions prior to 17.6, update to iOS 17.6 or later. For iPadOS versions prior to 17.6, update to iPadOS 17.6 or later. For watchOS versions prior to 10.6, update to watchOS 10.6 or later. For tvOS versions prior to 17.6, update to tvOS 17.6 or later. For visionOS versions prior to 1.3, update to visionOS 1.3 or later. For macOS Sonoma versions prior to 14.6, update to macOS Sonoma 14.6 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 16.7.9 iPadOS versions prior to 16.7.9 Safari versions prior to 17.6 iOS versions prior to 17.6 iPadOS versions prior to 17.6 watchOS versions prior to 10.6 tvOS versions prior to 17.6 visionOS versions prior to 1.3 macOS Sonoma versions prior to 14.6 **Description** An out-of-bounds read issue was addressed with improved bounds checking. Processing maliciously crafted web content may lead to an unexpected process crash. **Recommendations** For iOS versions prior to 16.7.9, update to iOS 16.7.9 or later. For iPadOS versions prior to 16.7.9, update to iPadOS 16.7.9 or later. For Safari versions prior to 17.6, update to Safari 17.6 or later. For iOS versions prior to 17.6, update to iOS 17.6 or later. For iPadOS versions prior to 17.6, update to iPadOS 17.6 or later. For watchOS versions prior to 10.6, update to watchOS 10.6 or later. For tvOS versions prior to 17.6, update to tvOS 17.6 or later. For visionOS versions prior to 1.3, update to visionOS 1.3 or later. For macOS Sonoma versions prior to 14.6, update to macOS Sonoma 14.6 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 127.0.6533.72 Microsoft Edge (affected versions not specified) **Description** The issue is related to a heap buffer overflow in the Layout component, which could allow a remote attacker to exploit heap corruption via a crafted HTML page. This may potentially lead to the execution of arbitrary code. The severity of this issue is classified as Medium. **Recommendations** For Google Chrome versions prior to 127.0.6533.72, update to version 127.0.6533.72 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 16.7.9 iPadOS versions prior to 16.7.9 Safari versions prior to 17.6 iOS versions prior to 17.6 iPadOS versions prior to 17.6 watchOS versions prior to 10.6 tvOS versions prior to 17.6 visionOS versions prior to 1.3 macOS Sonoma versions prior to 14.6 Description: The issue is related to a use-after-free problem in the WebKit component, which can be exploited by a remote attacker to cause a denial of service. Processing maliciously crafted web content may lead to an unexpected process crash. Recommendations: For iOS versions prior to 16.7.9, update to iOS 16.7.9 or later. For iPadOS versions prior to 16.7.9, update to iPadOS 16.7.9 or later. For Safari versions prior to 17.6, update to Safari 17.6 or later. For iOS versions prior to 17.6, update to iOS 17.6 or later. For iPadOS versions prior to 17.6, update to iPadOS 17.6 or later. For watchOS versions prior to 10.6, update to watchOS 10.6 or later. For tvOS versions prior to 17.6, update to tvOS 17.6 or later. For visionOS versions prior to 1.3, update to visionOS 1.3 or later. For macOS Sonoma versions prior to 14.6, update to macOS Sonoma 14.6 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 120.0.6099.199 **Description** The issue is related to a use after free vulnerability in the WebAudio component of Google Chrome, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could impact the confidentiality, integrity, and availability of protected information. The severity of this issue is considered high. **Recommendations** For Google Chrome versions prior to 120.0.6099.199, update to version 120.0.6099.199 or later to resolve the issue. As a temporary workaround, consider restricting access to WebAudio functionalities until the update is applied. Avoid using crafted HTML pages that could exploit the vulnerability in the meantime.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 119.0.6045.199 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free in the WebAudio component, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Google Chrome versions prior to 119.0.6045.199, update to version 119.0.6045.199 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 119.0.6045.123 **Description** The issue is related to a use after free vulnerability in the WebAudio component of Google Chrome, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability may enable an attacker to execute arbitrary code. The vulnerability was highlighted in the "Tianfu Cup 2023". **Recommendations** For Google Chrome versions prior to 119.0.6045.123, update to version 119.0.6045.123 or later to resolve the issue. As a temporary workaround, consider disabling the WebAudio component until a patch is available. Restrict access to crafted HTML pages to minimize the risk of exploitation.