Koocola

**Name of the Vulnerable Software and Affected Versions** macOS Sonoma versions prior to 14.4 **Description** A maliciously crafted ZIP archive may bypass Gatekeeper checks. This issue was addressed with improved checks. **Recommendations** For macOS Sonoma versions prior to 14.4, update to macOS Sonoma 14.4 to resolve the issue. As a temporary workaround, consider avoiding the use of ZIP archives from untrusted sources until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 117.0.5938.62 **Description** The issue is related to insufficient data validation in Permission Prompts, which can be exploited by a remote attacker to install a malicious app and potentially perform a sandbox escape using a specially crafted file. This could allow the attacker to execute code outside the isolated software environment. **Recommendations** For versions prior to 117.0.5938.62, update to version 117.0.5938.62 or later to resolve the issue. As a temporary workaround, consider restricting the installation of apps from untrusted sources to minimize the risk of exploitation. Avoid using the `Permission Prompt Handler` component until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** The issue is related to a buffer overflow in memory, allowing a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (Chromium-based) (affected versions not specified) **Description** The issue is related to a buffer overflow in memory, which can be exploited by a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome on Chrome OS versions prior to 104.0.5112.79 **Description** The issue is related to a use after free in the Nearby Share function, which could allow a remote attacker to exploit heap corruption via specific UI interactions if the user is convinced to engage in specific actions. This could potentially lead to arbitrary code execution with the help of a specially crafted web page. **Recommendations** For versions prior to 104.0.5112.79, update to version 104.0.5112.79 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Nearby Share feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 97.0.4692.99 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free in the printing function of the browsers, which can lead to heap corruption. A remote attacker who convinces the user to engage in specific interactions can potentially exploit this issue via a crafted HTML page. This could allow the attacker to execute arbitrary code. **Recommendations** For Google Chrome versions prior to 97.0.4692.99, update to version 97.0.4692.99 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 92.0.4515.159 **Description** The issue is related to a use after free vulnerability in the Extensions API of Google Chrome, which can lead to heap corruption. An attacker could potentially exploit this by convincing a user to install a malicious extension and then using a crafted HTML page. This could allow the attacker to execute arbitrary code remotely. **Recommendations** For versions prior to 92.0.4515.159, update to version 92.0.4515.159 or later to resolve the issue. As a temporary workaround, consider restricting the installation of extensions to trusted sources until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 91.0.4472.77 **Description** The issue is related to a use after free vulnerability in the Bookmarks component of Google Chrome. This could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service using a specially crafted HTML page. An attacker who convinces a user to install a malicious extension could potentially exploit heap corruption. **Recommendations** For versions prior to 91.0.4472.77, update to version 91.0.4472.77 or later to resolve the issue. As a temporary workaround, consider restricting the installation of extensions to minimize the risk of exploitation. Avoid using the Bookmarks component until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 90.0.4430.72 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free in IndexedDB, which could allow an attacker to potentially perform a sandbox escape via a crafted Chrome Extension if a user is convinced to install a malicious extension. It may also enable a remote attacker to gain unauthorized access to protected information using a specially crafted web page. **Recommendations** For Google Chrome versions prior to 90.0.4430.72, update to version 90.0.4430.72 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.