Prakash

**Name of the Vulnerable Software and Affected Versions** WPE WebKit versions prior to the fixed version iOS versions prior to 15.1 iPadOS versions prior to 15.1 macOS Monterey versions prior to 12.0.1 iOS versions prior to 14.8.1 iPadOS versions prior to 14.8.1 tvOS versions prior to 15.1 watchOS versions prior to 8.1 **Description** The issue is related to an information leakage problem in the WPE WebKit module, which is connected to the use of open redirects. A malicious website using Content Security Policy reports may be able to leak information via redirect behavior. This could allow a remote attacker to access confidential data. **Recommendations** For WPE WebKit, update to a version that includes the fix for this issue. For iOS, update to version 15.1 or later. For iPadOS, update to version 15.1 or later. For macOS Monterey, update to version 12.0.1 or later. For iOS, update to version 14.8.1 or later. For iPadOS, update to version 14.8.1 or later. For tvOS, update to version 15.1 or later. For watchOS, update to version 8.1 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 79.0.3945.79 **Description** The issue is related to insufficient policy enforcement in cookies, which can lead to information disclosure when processing data. A remote attacker can exploit this by using a crafted HTML page to leak cross-origin data, potentially gaining unauthorized access to confidential information. **Recommendations** For versions prior to 79.0.3945.79, update to version 79.0.3945.79 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data when using Google Chrome until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Microsoft browsers (affected versions not specified) **Description** A security issue exists due to improper handling of requests from different origins by Microsoft browsers. This allows the browsers to bypass Same-Site cookie restrictions and process requests that should otherwise be ignored. An attacker could exploit this to force the browser to send restricted data. The vulnerability is related to unsafe privilege management in Internet Explorer and Microsoft Edge, which could allow a remote attacker to disclose protected information using a specially crafted web page. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.