Micky

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 136.0.7103.113 Microsoft Edge (Chromium-based) versions prior to 136.0.7103.113 Chromium versions prior to 136.0.7103.113 **Description** A security issue exists in the Mojo IPC system within Google Chrome and Microsoft Edge browsers. This issue involves an incorrect handle being provided under unspecified circumstances, potentially allowing a remote attacker to perform a sandbox escape via a malicious file. Successful exploitation could lead to remote code execution. The vulnerability was discovered by a researcher named Micky, who received a $250,000 reward from Google for reporting the issue. The vulnerability is related to the `Mojo` component and specifically involves the `IpczDriver`. The `Mojo` IPC system is a critical component for inter-process communication within the browser. The vulnerability allows a malicious renderer process to potentially gain privileged access. The affected API endpoint is not specified. **Recommendations** Update Google Chrome to version 136.0.7103.113 or later. Update Microsoft Edge to version 136.0.7103.113 or later. Update Chromium to version 136.0.7103.113 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 131.0.6778.69 **Description** The issue is related to an inappropriate implementation in Views, allowing a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. This is considered a medium severity issue. **Recommendations** For Google Chrome versions prior to 131.0.6778.69, update to version 131.0.6778.69 or later to mitigate the risk. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 126.0.6478.54 Microsoft Edge (affected versions not specified) **Description** The issue is related to an inappropriate implementation in the Memory Allocator component of Google Chrome and Microsoft Edge browsers, which can lead to heap corruption. This can be exploited by a remote attacker using a specially crafted HTML page, potentially allowing them to disclose protected information or cause a denial of service. The estimated number of potentially affected devices is not specified. **Recommendations** For Google Chrome versions prior to 126.0.6478.54, update to version 126.0.6478.54 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.