Hugo Hue

**Name of the Vulnerable Software and Affected Versions** Google Chrome on ChromeOS versions prior to 94.0.4606.54 **Description** The issue is related to inappropriate implementation in ChromeOS Networking, allowing a remote attacker with a rogue wireless access point to potentially carry out a wifi impersonation attack via a crafted ONC file. This could enable the attacker to gain privileged access to the infrastructure. **Recommendations** For Google Chrome on ChromeOS versions prior to 94.0.4606.54, update to version 94.0.4606.54 or later to resolve the issue. As a temporary workaround, consider restricting access to wireless networks until the update is applied. Avoid using crafted ONC files in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 90.0.4430.72 Microsoft Edge (affected versions not specified) Description: The issue is related to errors in information representation in the Network Config UI of Google Chrome and Microsoft Edge browsers. It allows a remote attacker to potentially conduct spoofing attacks using a specially crafted web page. The vulnerability can also compromise WiFi connection security via a malicious WAP. Recommendations: For Google Chrome versions prior to 90.0.4430.72, update to version 90.0.4430.72 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.