Lijo A.T

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 128.0.6613.84 Microsoft Edge (affected versions not specified) **Description** The issue is related to an inappropriate implementation in WebApp Installs, allowing an attacker to perform UI spoofing via a crafted HTML page. This can occur when a user is convinced to install a malicious application. The attacker, acting remotely, can exploit this to manipulate the user interface. **Recommendations** For Google Chrome versions prior to 128.0.6613.84, update to version 128.0.6613.84 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 82 **Description** The issue is related to a spoofing attack that can occur when a user clicks on a link to an external protocol. This allows an attacker to induce a prompt that can be associated with an origin they do not control. The problem stems from a lack of proper source confirmation in the browser's mechanism. **Recommendations** For versions prior to 82, update to version 82 or later to resolve the issue. As a temporary workaround, consider avoiding clicks on links to external protocols from untrusted sources until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 80.0.3987.87 **Description** The issue is related to insufficient policy enforcement in the Safe Browsing feature, allowing a remote attacker to bypass navigation restrictions. This can be achieved via a crafted HTML page. **Recommendations** For versions prior to 80.0.3987.87, update to version 80.0.3987.87 or later to resolve the issue.