Jun Kokatsu

**Name of the Vulnerable Software and Affected Versions** Microsoft 365 Copilot (affected versions not specified) **Description** This issue involves an information disclosure within the Microsoft 365 Copilot BizChat feature. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Edge (Chromium-based) (affected versions not specified) Description: The issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Edge (affected versions not specified) Description: The issue is related to errors in using standard permissions in Microsoft Edge, allowing a remote attacker to disclose protected information. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Edge (Chromium-based) (affected versions not specified) Description: The issue is related to insufficient access control, allowing a remote attacker to disclose protected information. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Edge (Chromium-based) (affected versions not specified) Description: The issue is related to insufficient protection of the web page structure in Microsoft Edge, allowing a remote attacker to conduct spoofing attacks. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (Chromium-based) (affected versions not specified) **Description** The issue is related to insufficient access control, allowing a remote attacker to gain unauthorized access to protected information. The vulnerability can be exploited to trick users into revealing sensitive information without their knowledge. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (Chromium-based) (affected versions not specified) **Description** The issue is related to a security feature bypass vulnerability in Microsoft Edge. It can be exploited by a remote attacker using a specially crafted HTML page to bypass existing security restrictions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (Chromium-based) versions prior to 121.0.2277.83 **Description** The issue is related to the exploitation of Microsoft Edge's Marketing API, allowing attackers to covertly install browser extensions without user consent. This could lead to a privilege escalation threat. The vulnerability was actively exploited and has been patched by Microsoft. Users are advised to update to the latest version to ensure a secure browsing experience. **Recommendations** For versions prior to 121.0.2277.83, update to version 121.0.2277.83 or later to resolve the issue. As a temporary workaround, consider restricting access to the Marketing API until a patch is applied. Avoid using the private API intended for marketing purposes in the affected browser versions.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (Chromium-based) (affected versions not specified) **Description** The issue is related to incorrect data processing in Microsoft Edge, allowing a remote attacker to perform a spoofing attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (Chromium-based) (affected versions not specified) **Description** The issue is related to insufficient input validation in Microsoft Edge, allowing a remote attacker to potentially elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (Chromium-based) (affected versions not specified) **Description** The issue is related to insufficient protection of service data in Microsoft Edge, which could allow a remote attacker to gain unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 114 **Description** The issue is related to how Firefox handles site-isolated processes for documents loaded from data: URLs that result from redirects. Previously, Firefox would load such documents in the same process as the site that issued the redirect, bypassing site-isolation protections against Spectre-like attacks on sites hosting an "open redirect". Firefox has been updated to no longer follow HTTP redirects to data: URLs, addressing this issue. The vulnerability can be exploited by a remote attacker to bypass security restrictions and redirect a user to an arbitrary URL. **Recommendations** For versions prior to 114, update to Firefox version 114 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (Chromium-based) (affected versions not specified) **Description** The issue is related to errors in security settings, allowing a remote attacker to bypass security restrictions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 96.0.4664.45 **Description** The issue is related to an inappropriate implementation in the referrer component of Google Chrome, which allowed a remote attacker to bypass navigation restrictions. This could be achieved via a specially crafted HTML page, potentially leading to the disclosure of protected information. **Recommendations** For Google Chrome versions prior to 96.0.4664.45, update to version 96.0.4664.45 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 90.0.4430.212 **Description** The issue is related to a heap buffer overflow in Reader Mode, which can be exploited by a remote attacker using a specially crafted HTML page. This could allow the attacker to access confidential data, compromise data integrity, and cause a denial of service. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For Google Chrome versions prior to 90.0.4430.212, update to version 90.0.4430.212 or later to resolve the issue. As a temporary workaround, consider avoiding the use of Reader Mode until a patch is available. Restrict access to crafted HTML pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 85.0.4183.83 **Description** The issue is related to insufficient policy enforcement in Navigation, allowing a remote attacker to leak cross-origin data via a crafted HTML page. This could potentially affect a significant number of devices worldwide, although the exact number is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 85.0.4183.83, update to version 85.0.4183.83 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and implementing additional security measures to minimize the risk of cross-origin data leakage.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 87.0.4280.66 **Description** The issue is related to an inappropriate implementation in cookies, allowing a remote attacker to bypass cookie restrictions via a crafted HTML page. This could potentially lead to unauthorized access to protected information. The vulnerability is associated with errors in the implementation of security checks for standard elements in the cookie handling mechanism of Google Chrome. **Recommendations** For Google Chrome versions prior to 87.0.4280.66, update to version 87.0.4280.66 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 89.0.4389.72 **Description** The issue is related to an inappropriate implementation in site isolation, allowing a remote attacker to leak cross-origin data via a crafted HTML page. This could impact the confidentiality and availability of protected information. **Recommendations** For versions prior to 89.0.4389.72, update to version 89.0.4389.72 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 83.0.4103.61 **Description** The issue is related to insufficient policy enforcement in payments, allowing a remote attacker to bypass navigation restrictions via a crafted HTML page. This could potentially impact the integrity of data. **Recommendations** For Google Chrome versions prior to 83.0.4103.61, update to version 83.0.4103.61 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 83.0.4103.61 **Description** The issue is related to insufficient policy enforcement in downloads, allowing a remote attacker to bypass navigation restrictions. This can be achieved via a crafted HTML page, potentially impacting data integrity. **Recommendations** For versions prior to 83.0.4103.61, update to version 83.0.4103.61 or later to resolve the issue.