Lbherrera

**Name of the Vulnerable Software and Affected Versions** Google Chrome on Windows versions prior to 148.0.7778.168 **Description** Insufficient policy enforcement in the IFrame Sandbox allows a remote attacker to bypass navigation restrictions by using a crafted HTML page. **Recommendations** Update Google Chrome on Windows to version 148.0.7778.168 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 144.0.7559.110 **Description** An issue in the Background Fetch API in Google Chrome allowed a remote attacker to leak cross-origin data through a specially crafted HTML page. The security severity is rated as High. **Recommendations** Update Google Chrome to version 144.0.7559.110 or later.

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A policy bypass issue existed in the Downloads component of Google Chrome. This allowed a remote attacker to circumvent multi-download protections through a specially crafted HTML page. Recommendations Update Google Chrome to version 147.0.7727.55 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 145.0.7632.45 **Description** A flaw exists in Google Chrome due to insufficient policy enforcement in Frames. This allows a remote attacker to perform UI spoofing using a specially crafted HTML page. The Chromium security severity is rated as Medium. **Recommendations** Update Google Chrome to version 145.0.7632.45 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 14 **Description** The issue was addressed with improved checks. Processing web content may disclose sensitive information. **Recommendations** For versions prior to 14, update to macOS Sonoma 14 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 115.0.5790.98 **Description** The issue is related to an inappropriate implementation in WebApp Installs, allowing a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. This could lead to the attacker gaining access to confidential information. **Recommendations** For versions prior to 115.0.5790.98, update to version 115.0.5790.98 or later to resolve the issue. As a temporary workaround, consider restricting access to WebApp Installs until a patch is applied. Avoid using crafted HTML pages that could exploit this issue until the update is installed.

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A policy bypass issue existed in Google Chrome's audio component, prior to version 147.0.7727.55. A remote attacker could bypass sandbox download restrictions by convincing a user to perform specific UI gestures on a crafted HTML page. The Chromium security severity is rated as Low. Recommendations Update Google Chrome to version 147.0.7727.55 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 108.0.5359.71 Microsoft Edge (affected versions not specified) **Description** The issue is related to insufficient validation of untrusted input in the Downloads component, allowing an attacker to bypass Downloads restrictions. This can be achieved by convincing a user to install a malicious extension via a crafted HTML page. The attacker can exploit this issue to impact data integrity. **Recommendations** For Google Chrome versions prior to 108.0.5359.71, update to version 108.0.5359.71 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 97.0.4692.71 **Description** The issue is related to an inappropriate implementation in Blink, allowing a remote attacker to leak cross-origin data via a crafted HTML page. This is due to a lack of proper source data validation, enabling an attacker to disclose protected information using a specially designed HTML page. **Recommendations** For versions prior to 97.0.4692.71, update to version 97.0.4692.71 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and implementing additional security measures to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 96.0.4664.93 Microsoft Edge (affected versions not specified) **Description** The issue is related to insufficient data validation in the loader, allowing a remote attacker to leak cross-origin data via a crafted HTML page. This could potentially lead to the disclosure of protected information. **Recommendations** For Google Chrome versions prior to 96.0.4664.93, update to version 96.0.4664.93 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 96.0.4664.45 **Description** The issue is related to an inappropriate implementation in the cache component of Google Chrome, which can be exploited by a remote attacker to leak cross-origin data. This can be achieved via a crafted HTML page. The vulnerability is also associated with errors in the implementation of security checks for standard elements, potentially allowing a remote attacker to execute arbitrary code. **Recommendations** For versions prior to 96.0.4664.45, update to version 96.0.4664.45 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 96.0.4664.45 **Description** The issue concerns insufficient policy enforcement in the contacts picker component of Google Chrome on Android. This allows a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page, potentially bypassing security restrictions and gaining unauthorized access to protected information. **Recommendations** For versions prior to 96.0.4664.45, update to version 96.0.4664.45 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 90.0.4430.72 **Description** The issue is related to insufficient validation of untrusted input in Extensions, allowing an attacker to access local files via a crafted Chrome Extension if a user is convinced to install a malicious extension. This can lead to unauthorized access to local files. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For Google Chrome versions prior to 90.0.4430.72, update to version 90.0.4430.72 or later to resolve the issue. As a temporary workaround, consider restricting the installation of extensions to only trusted sources until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 86.0.4240.75 **Description** The issue is related to insufficient data validation in navigation, allowing a remote attacker who has compromised the renderer process to bypass navigation restrictions. This can be achieved via a crafted HTML page. **Recommendations** For versions prior to 86.0.4240.75, update to version 86.0.4240.75 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 78.0.3904.70 **Description** The issue is related to insufficient policy enforcement in extensions, allowing an attacker to leak cross-origin data via a crafted Chrome Extension. This can be achieved by convincing a user to install a malicious extension. The vulnerability enables an attacker to bypass permission restrictions for extensions and impact the system. **Recommendations** For Google Chrome versions prior to 78.0.3904.70, update to version 78.0.3904.70 or later to resolve the issue. As a temporary workaround, consider restricting the installation of extensions to only trusted sources and avoiding the use of unverified extensions.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 77.0.3865.120 **Description** The issue is related to insufficient policy enforcement in performance APIs, allowing a remote attacker to leak cross-origin data via a crafted HTML page. This can enable an unauthorized access to information. **Recommendations** For versions prior to 77.0.3865.120, update to version 77.0.3865.120 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 71.0.3578.80 **Description** A remote attacker could confuse the user about the origin of the current page via a crafted HTML page, due to an issue where a renderer-initiated back navigation was incorrectly allowed to cancel a browser-initiated one in Navigation. **Recommendations** For versions prior to 71.0.3578.80, update to version 71.0.3578.80 or later to resolve the issue.