
Malcolmst

Researcher from SODIUM-24, LLC
#35754 of 53,624
7.5 Total CVSS
Vulnerabilities · 1
PT-2024-1087
7.5
2024-01-09
Google · Google Chrome · CVE-2024-0333
**Name of the Vulnerable Software and Affected Versions**

Google Chrome versions prior to 120.0.6099.216

**Description**

Insufficient data validation in Extensions in Google Chrome allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. The issue is related to the CRX3 File Signature Verification Bypass via Embedded ZIP64 Payload. This could have enabled attackers to sneak in malicious extensions.

**Recommendations**

For versions prior to 120.0.6099.216, update to version 120.0.6099.216 or later to resolve the issue. As a temporary workaround, consider restricting the installation of extensions from untrusted sources until the update is applied.