Khalil Zhani

**Name of the Vulnerable Software and Affected Versions** Google Chrome (affected versions not specified) **Description** A user interface issue in Google Chrome may not adequately warn users about unsafe actions. Remote attackers could potentially bypass existing security restrictions by exploiting this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 140.0.7339.80 **Description** An inappropriate implementation in the Toolbar component of Google Chrome on Android allowed a remote attacker to perform domain spoofing. The attack required convincing a user to engage in specific UI gestures on a crafted HTML page. **Recommendations** Update Google Chrome to version 140.0.7339.80 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 134.0.6998.35 **Description** The issue is related to an inappropriate implementation in Permission Prompts in Google Chrome, allowing an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. The severity of this issue is classified as Low by Chromium security. **Recommendations** For Google Chrome versions prior to 134.0.6998.35, update to version 134.0.6998.35 or later to resolve the issue. As a temporary workaround, consider disabling the installation of new extensions until the update is applied. Restrict access to the `Permission Prompts` feature to minimize the risk of exploitation. Avoid using crafted Chrome Extensions in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Google Chrome on Android versions prior to 134.0.6998.35 **Description** The issue is related to an inappropriate implementation in the Browser UI, allowing a remote attacker to perform UI spoofing via a crafted HTML page. The severity of this issue is classified as Medium. **Recommendations** For versions prior to 134.0.6998.35, update to version 134.0.6998.35 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox for iOS versions prior to 134 **Description** The issue allows long hostnames in URLs to be used to obscure the actual host of a website or to spoof the website address. **Recommendations** For Firefox for iOS versions prior to 134, update to version 134 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome (affected versions not specified) **Description** An issue in Google Chrome can be exploited by attackers to impact the system. The problem stems from an inappropriate implementation within the Toolbar component. Microsoft Edge, being Chromium-based, also inherits and addresses this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 122.0.6261.57 Microsoft Edge (affected versions not specified) **Description** The issue is related to an inappropriate implementation in the Navigation function of the browsers, which may allow a remote attacker to spoof security UI via a crafted HTML page. This could potentially disclose protected information. **Recommendations** For Google Chrome versions prior to 122.0.6261.57, update to version 122.0.6261.57 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 137.0.7151.55 **Description** The issue is related to an inappropriate implementation in the Tab Strip of Google Chrome, allowing a remote attacker to perform UI spoofing via a crafted HTML page. The severity of this issue is considered low. **Recommendations** For versions prior to 137.0.7151.55, update to version 137.0.7151.55 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 109.0.5414.74 **Description** The issue is related to a use after free vulnerability in the Overview Mode of Google Chrome, which can lead to heap corruption. This can be exploited by a remote attacker who convinces a user to engage in specific UI interactions via a crafted HTML page. The attacker could potentially execute arbitrary code. **Recommendations** For versions prior to 109.0.5414.74, update to version 109.0.5414.74 or later to resolve the issue. As a temporary workaround, consider avoiding the use of Overview Mode in Google Chrome until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome on Chrome OS versions prior to 101.0.4951.64 **Description** The issue is related to a use after free in the Sharesheet component of Google Chrome, which can lead to heap corruption. A remote attacker who convinces a user to engage in specific UI interactions can potentially exploit this issue via specific user interactions. This can allow a remote attacker to potentially execute arbitrary code. **Recommendations** For Google Chrome on Chrome OS versions prior to 101.0.4951.64, update to version 101.0.4951.64 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 101.0.4951.41 Lacros versions prior to 101.0.4951.41 **Description** The issue is related to out of bounds memory access in the UI Shelf component of Google Chrome on Chrome OS. This could allow a remote attacker to potentially exploit heap corruption via specific user interactions, leading to a program crash. **Recommendations** For Google Chrome versions prior to 101.0.4951.41, update to version 101.0.4951.41 or later. For Lacros versions prior to 101.0.4951.41, update to version 101.0.4951.41 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 96.0.4664.45 **Description** The issue is related to the Cast UI interface in Google Chrome, where errors in information representation by the user interface can be exploited. This can allow a remote attacker to conduct spoofing attacks using a specially crafted HTML page. The estimated number of potentially affected devices and details about real-world incidents are not provided. **Recommendations** For versions prior to 96.0.4664.45, update to version 96.0.4664.45 or later to resolve the issue. As a temporary workaround, consider restricting access to the Cast UI interface until a patch is applied. Avoid using the Cast UI interface with untrusted HTML pages until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 91.0.4472.77 **Description** The issue allows an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. This is due to a use after free in Tab Strip. **Recommendations** For versions prior to 91.0.4472.77, update to version 91.0.4472.77 or later to resolve the issue. As a temporary workaround, consider disabling the installation of extensions until the update is applied. Restrict access to crafted HTML pages to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 89.0.4389.72 Description: The issue is related to a heap buffer overflow in the TabStrip element of Google Chrome, which could allow a remote attacker to exploit heap corruption via a crafted HTML page. This could potentially impact the confidentiality, integrity, and availability of protected information. Recommendations: For Google Chrome versions prior to 89.0.4389.72, update to version 89.0.4389.72 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 89.0.4389.72 Description: The issue is related to a heap buffer overflow in the TabStrip element of Google Chrome, which could allow a remote attacker to exploit heap corruption via a crafted HTML page. This could potentially impact the confidentiality, integrity, and availability of protected information. Recommendations: For versions prior to 89.0.4389.72, update to version 89.0.4389.72 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages or disabling the use of crafted HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 89.0.4389.72 **Description** The issue is related to insufficient policy enforcement in payments, allowing a remote attacker to bypass navigation restrictions via a crafted HTML page. This could potentially impact the integrity of data. **Recommendations** For versions prior to 89.0.4389.72, update to version 89.0.4389.72 or later to resolve the issue. As a temporary workaround, consider restricting access to payment functions in Google Chrome until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 86.0.4240.99 **Description** The issue is related to a use after free error in the printing functionality of Google Chrome for Android. This error occurs when memory is accessed after it has been freed, which can lead to heap corruption. A remote attacker could potentially exploit this issue by using a specially crafted HTML page, allowing them to execute arbitrary code. **Recommendations** For versions prior to 86.0.4240.99, update to version 86.0.4240.99 or later to resolve the issue. As a temporary workaround, consider disabling the printing functionality until a patch is available. Restrict access to potentially malicious HTML pages to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 83.0.4103.97 Description: The issue is related to a use after free in the payments component of Google Chrome, which could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This could impact the confidentiality, integrity, and availability of protected information. Recommendations: For Google Chrome versions prior to 83.0.4103.97, update to version 83.0.4103.97 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 83.0.4103.61 **Description** The issue is related to an incorrect implementation in full screen mode, allowing a remote attacker to spoof security UI via a crafted HTML page. This could potentially impact the integrity of data. The vulnerability is associated with an error in the resource management mechanism of the system. **Recommendations** For Google Chrome versions prior to 83.0.4103.61, update to version 83.0.4103.61 or later to resolve the issue. As a temporary workaround, consider avoiding the use of full screen mode in Google Chrome until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome on iOS versions prior to 80.0.3987.87 **Description** The issue is related to insufficient input validation in the Omnibox address bar of Google Chrome. It allows a remote attacker to compromise data integrity by using a specially crafted HTML page. This can lead to the spoofing of the Omnibox contents, potentially deceiving users about the actual URL they are visiting. **Recommendations** For Google Chrome on iOS versions prior to 80.0.3987.87, update to version 80.0.3987.87 or later to resolve the issue.