Jasper Rebane

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 116.0.5845.96 **Description** The issue is related to an inappropriate implementation in Permission Prompts, allowing a remote attacker to obfuscate security UI via a crafted HTML page. This could potentially lead to the attacker gaining access to confidential information. The severity of this issue is classified as Medium by Chromium. **Recommendations** For Google Chrome versions prior to 116.0.5845.96, update to version 116.0.5845.96 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted HTML pages that could exploit the vulnerability in Permission Prompts until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 114.0.5735.90 **Description** The issue is related to an inappropriate implementation in the Extensions API, allowing an attacker to spoof the contents of the UI via a crafted Chrome Extension if a user is convinced to install a malicious extension. This is due to insufficient data validation. The severity of this issue is considered low. **Recommendations** For versions prior to 114.0.5735.90, update to version 114.0.5735.90 or later to resolve the issue. As a temporary workaround, consider restricting the installation of extensions to trusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 113.0.5672.63 **Description** The issue is related to an inappropriate implementation in Prompts, allowing a remote attacker to spoof the contents of the security UI via a crafted HTML page. This could potentially be used for phishing attacks. The severity of this issue is classified as Low. **Recommendations** For versions prior to 113.0.5672.63, update to version 113.0.5672.63 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted HTML pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 112.0.5615.49 **Description** The issue is related to an inappropriate implementation in the FedCM component of Google Chrome, which can be exploited by a remote attacker using a specially crafted HTML page to bypass navigation restrictions. This could potentially impact the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 112.0.5615.49, update to version 112.0.5615.49 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 109.0.5414.74 Microsoft Edge (affected versions not specified) **Description** The issue is related to an inappropriate implementation in permission prompts, allowing a remote attacker to force acceptance of a permission prompt via a crafted HTML page. This could potentially lead to unauthorized access to protected information. The severity of this issue is classified as Medium by Chromium. **Recommendations** For Google Chrome versions prior to 109.0.5414.74, update to version 109.0.5414.74 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 67.0.3396.62 **Description** The issue is related to a lack of proper clearing of the previous site before loading alerts from a new one in Blink, allowing a remote attacker to perform domain spoofing via a crafted HTML page. This is due to errors in security settings. **Recommendations** For versions prior to 67.0.3396.62, update to version 67.0.3396.62 or later to resolve the issue.