Khalil

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 120.0.6099.62 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free vulnerability in the Side Panel Search element of Google Chrome and Microsoft Edge browsers. This vulnerability is associated with memory usage after it has been freed. Exploitation of this issue may allow a remote attacker to execute arbitrary code by convincing a user to engage in specific UI interactions, potentially leading to heap corruption. **Recommendations** For Google Chrome versions prior to 120.0.6099.62, update to version 120.0.6099.62 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome on Chrome OS versions prior to 103.0.5060.114 **Description** The issue is related to a use after free in the Chrome OS Shell, which could allow a remote attacker to potentially exploit heap corruption via direct UI interactions if the user is convinced to engage in specific interactions. This could impact the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 103.0.5060.114, update to version 103.0.5060.114 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome on Chrome OS versions prior to 102.0.5005.61 **Description** The issue is related to a use after free in the Sharing component of Google Chrome, which could allow a remote attacker to potentially exploit heap corruption via specific user interactions. This could be achieved by convincing a user to engage in specific actions, potentially leading to arbitrary code execution through a specially crafted web page. **Recommendations** For Google Chrome on Chrome OS versions prior to 102.0.5005.61, update to version 102.0.5005.61 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 101.0.4951.64 **Description** The issue is related to a use after free in the Browser UI, which could potentially allow a remote attacker to exploit heap corruption via specific user interactions. This could enable the attacker to execute arbitrary code. **Recommendations** For versions prior to 101.0.4951.64, update to version 101.0.4951.64 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 99.0.4844.74 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free in the Browser UI component, which can be exploited by a remote attacker using a crafted HTML page. This could potentially lead to heap corruption. The attacker must convince a user to engage in specific user interaction to exploit the issue. The estimated number of potentially affected devices is not provided. **Recommendations** For Google Chrome versions prior to 99.0.4844.74, update to version 99.0.4844.74 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 100.0.4896.60 **Description** The issue is related to a use after free in Portals, which could allow a remote attacker to potentially exploit heap corruption via user interaction, if the user is convinced to engage in specific actions. This could lead to a denial of service. **Recommendations** For Google Chrome versions prior to 100.0.4896.60, update to version 100.0.4896.60 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 97.0.4692.71 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free vulnerability in the Autofill feature of the browsers. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information by using a specially crafted HTML page. The attacker would need to convince a user to perform a specific gesture to potentially exploit heap corruption. **Recommendations** For Google Chrome versions prior to 97.0.4692.71, update to version 97.0.4692.71 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 94.0.4606.54 **Description** The issue is related to a use after free vulnerability in the Tab Strip component of Google Chrome, which can be exploited by a remote attacker using a specially crafted HTML page. This could potentially allow the attacker to bypass existing security restrictions and exploit heap corruption. **Recommendations** For versions prior to 94.0.4606.54, update to version 94.0.4606.54 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially malicious HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 99.0.4844.51 **Description** The issue is related to a heap buffer overflow in the Cast UI of Google Chrome, which could be exploited by a remote attacker through a crafted HTML page, potentially leading to heap corruption. This requires specific user interaction to be exploited. **Recommendations** For Google Chrome versions prior to 99.0.4844.51, update to version 99.0.4844.51 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 90.0.4430.212 **Description** The issue is related to a use after free in the Tab Strip component of Google Chrome, which could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service using a specially crafted HTML page. An attacker who convinces a user to install a malicious extension could potentially exploit heap corruption. **Recommendations** For Google Chrome versions prior to 90.0.4430.212, update to version 90.0.4430.212 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 88.0.4324.182 **Description** The issue is a heap buffer overflow in the Tab Strip element of Google Chrome on Windows, which could allow a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. This could enable the attacker to execute arbitrary code. **Recommendations** For versions prior to 88.0.4324.182, update to version 88.0.4324.182 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 89.0.4389.114 Description: The issue is related to a heap buffer overflow in the TabStrip component of Google Chrome on Windows, which could allow a remote attacker to exploit heap corruption via a crafted HTML page. This might enable the attacker to execute arbitrary code or cause a denial of service. Recommendations: For versions prior to 89.0.4389.114, update to version 89.0.4389.114 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted HTML pages that could trigger the heap buffer overflow in the TabStrip component until a patch is applied.