Povcfe

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 148.0.7778.96 **Description** Insufficient policy enforcement in Downloads allows a local attacker to bypass navigation restrictions by using a crafted HTML page. **Recommendations** Update to version 148.0.7778.96 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 149.0.7827.53 **Description** An inappropriate implementation in the Enterprise component allows a local attacker with physical access to the device to perform privilege escalation. **Recommendations** Update to version 149.0.7827.53 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 147.0.7727.55 **Description** A flaw exists in the PDF implementation within Google Chrome, potentially allowing a remote attacker to circumvent navigation restrictions using a specially designed HTML page. The security severity is rated as Low. **Recommendations** Update Google Chrome to version 147.0.7727.55 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 146.0.7680.71 **Description** Insufficient policy enforcement in ChromeDriver in Google Chrome allowed a remote attacker to bypass the same origin policy through a crafted HTML page. The Chromium security severity is rated as Medium. **Recommendations** Update Google Chrome to version 146.0.7680.71 or later.

**Name of the Vulnerable Software and Affected Versions** Freetype versions 2.13.2 and 2.13.3 **Description** An integer overflow in the `tt var load item variation store` function may allow for an out-of-bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. **Recommendations** Update to version 2.14.2 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 146.0.7680.71 **Description** A side-channel information leakage issue existed in ResourceTiming within Google Chrome. This allowed a remote attacker to potentially leak cross-origin data through a specially crafted HTML page. **Recommendations** Update Google Chrome to version 146.0.7680.71 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 146.0.7680.71 **Description** An issue in Google Chrome on iOS allowed a remote attacker to bypass navigation restrictions through a specially crafted HTML page. The Chromium security severity is rated as Medium. **Recommendations** Update Google Chrome to version 146.0.7680.71 or later.

**Name of the Vulnerable Software and Affected Versions** lighttpd versions 1.4.46 through 1.4.63 **Description** The mod extforward Forwarded function of the mod extforward plugin in lighttpd has a stack-based buffer overflow, which can be exploited for remote denial of service (daemon crash) in a non-default configuration. This configuration requires handling of the Forwarded header in a somewhat unusual manner. Additionally, 32-bit systems are more likely to be affected than 64-bit systems. **Recommendations** For lighttpd versions 1.4.46 through 1.4.63, consider disabling the mod extforward Forwarded function of the mod extforward plugin as a temporary workaround to minimize the risk of exploitation. Restrict access to the mod extforward plugin to reduce the likelihood of a daemon crash. At the moment, there is no information about a newer version that contains a fix for this vulnerability.