R0Ng

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 120.0.6099.109 **Description** The issue is related to a use after free in the FedCM component of Google Chrome, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could be achieved if the attacker convinces a user to engage in specific UI interaction. The exploitation of this issue may allow a remote attacker to execute arbitrary code or cause a denial of service using a specially crafted malicious web page. **Recommendations** For versions prior to 120.0.6099.109, update to version 120.0.6099.109 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 96.0.4664.93 Microsoft Edge (affected versions not specified) **Description** A type confusion issue in the loader component of Google Chrome and Microsoft Edge allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could enable the attacker to execute arbitrary code or cause a denial of service. The issue is related to errors in data type conversion. **Recommendations** For Google Chrome versions prior to 96.0.4664.93, update to version 96.0.4664.93 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 95.0.4638.69 **Description** The issue is related to a use after free in Web Transport, which could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This could enable the attacker to execute arbitrary code or cause a denial of service. The vulnerability is associated with the use of memory after it has been freed, and exploitation may allow a remote attacker to impact the system. **Recommendations** For Google Chrome versions prior to 95.0.4638.69, update to version 95.0.4638.69 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted HTML pages that could exploit the use after free vulnerability in Web Transport until a patch is applied.