Przemek Gmerek

**Name of the Vulnerable Software and Affected Versions** Windows versions prior to the fixed version **Description** The issue is related to a buffer overflow in the Windows Advanced Local Procedure Call (ALPC) handler, which can be exploited to elevate privileges and execute arbitrary code with SYSTEM privileges. An elevation-of-privilege vulnerability allows attackers to affect the system. The vulnerability has been exploited in the wild and can be used to break out of the sandbox in Chromium. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 107.0.5304.87 **Description** The issue is related to a type confusion in the V8 engine of Google Chrome, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This is described as a high severity issue. The vulnerability was discovered by researchers at Avast and reported to the developer on October 25. It is noted that this is the seventh 0-day vulnerability in Chrome fixed by Google this year, and the second attributed to Avast. There is no information provided about the estimated number of potentially affected devices worldwide or specific details about real-world incidents where this issue was exploited, beyond it being actively exploited. **Recommendations** For Google Chrome versions prior to 107.0.5304.87, update to version 107.0.5304.87 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages or modules until the update can be applied.