Jake Archibald

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 127.0.6533.72 Microsoft Edge (affected versions not specified) **Description** The issue is related to an inappropriate implementation in HTML, allowing a remote attacker to perform UI spoofing via a crafted HTML page. This is due to insufficient access control in the HTML parser of the browsers. The exploitation of this issue may allow an attacker to gain unauthorized access to limited functional capabilities. **Recommendations** For Google Chrome versions prior to 127.0.6533.72, update to version 127.0.6533.72 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** A security feature bypass issue exists due to Microsoft Edge's improper handling of requests from different origins. This allows the browser to bypass Same-Origin Policy (SOP) restrictions and process requests that should be ignored. An attacker could exploit this to force the browser to send restricted data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.