Raven

Name of the Vulnerable Software and Affected Versions: Microsoft Edge (Chromium-based) (affected versions not specified) Description: The issue is related to improper input validation, allowing an authorized attacker to bypass a security feature locally. This is a security-feature bypass vulnerability that enables attackers to affect the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 129.0.6668.70 Microsoft Edge (affected versions not specified) **Description** The issue is related to an integer overflow in the Skia graphics library used by Google Chrome and Microsoft Edge browsers. This can be exploited by a remote attacker using a specially crafted HTML page, potentially allowing them to disclose protected information or impact data integrity. The exploitation involves an out of bounds memory write. **Recommendations** For Google Chrome versions prior to 129.0.6668.70, update to version 129.0.6668.70 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome on ChromeOS versions prior to 113.0.5672.114 **Description** The issue is caused by an out of bounds write in the ChromeOS Audio Server, allowing a remote attacker to potentially exploit heap corruption via a crafted audio file. This could lead to arbitrary code execution. **Recommendations** For versions prior to 113.0.5672.114, update to version 113.0.5672.114 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted audio files that could trigger the out of bounds write in the ChromeOS Audio Server.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 112.0.5615.49 **Description** The issue is related to a heap buffer overflow in the Browser History component, which could be exploited by a remote attacker using a crafted HTML page, potentially leading to heap corruption. This could occur if the attacker convinces a user to engage in specific UI interaction. The estimated number of potentially affected devices and details about real-world incidents are not provided. **Recommendations** For versions prior to 112.0.5615.49, update to version 112.0.5615.49 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted HTML pages until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 109.0.5414.119 **Description** The issue is related to a type confusion in the ServiceWorker API, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This may impact the integrity of data. The severity of this issue is classified as Medium by Chromium. **Recommendations** For versions prior to 109.0.5414.119, update to version 109.0.5414.119 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ServiceWorker API until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 101.0.4951.41 **Description** The issue is related to a use after free vulnerability in the Browser Switcher extension, which can lead to heap corruption. This can be exploited by a remote attacker who convinces a user to engage in specific interactions via a crafted HTML page, potentially allowing the attacker to disclose protected information. **Recommendations** For Google Chrome versions prior to 101.0.4951.41, update to version 101.0.4951.41 or later to resolve the issue. As a temporary workaround, consider disabling the Browser Switcher extension until a patch is applied. Restrict access to crafted HTML pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 97.0.4692.99 **Description** The issue is related to a heap buffer overflow in the Task Manager component of Google Chrome. This could allow a remote attacker to bypass existing security restrictions by exploiting heap corruption via specific user interactions. **Recommendations** For versions prior to 97.0.4692.99, update to version 97.0.4692.99 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 100.0.4896.60 **Description** The issue is related to a use after free in the File Manager of Google Chrome, which could allow a remote attacker to potentially exploit heap corruption via specific user gestures if the user is convinced to engage in specific user interaction. This could be achieved through a specially crafted web page. **Recommendations** For versions prior to 100.0.4896.60, update to version 100.0.4896.60 or later to resolve the issue. As a temporary workaround, consider restricting user interaction with the File Manager until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 95.0.4638.54 **Description** A heap buffer overflow issue in the Settings component of Google Chrome allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This can be achieved by engaging with Dev Tools. **Recommendations** For versions prior to 95.0.4638.54, update to version 95.0.4638.54 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 89.0.4389.90 Description: The issue is related to a use after free in WebRTC, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could lead to a denial of service. Recommendations: For versions prior to 89.0.4389.90, update to version 89.0.4389.90 or later to resolve the issue. As a temporary workaround, consider restricting access to WebRTC functionality until a patch is applied.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 90.0.4430.72 Description: The issue is related to a use after free in WebMIDI, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could impact the confidentiality of protected information. Recommendations: For Google Chrome versions prior to 90.0.4430.72, update to version 90.0.4430.72 or later to resolve the issue. As a temporary workaround, consider avoiding the use of WebMIDI in Google Chrome until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Forumwa version 1.0 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the `keyword` parameter in "search.php" or through the `body` or `subject` of a forum message. **Recommendations** For Forumwa version 1.0, avoid using the vulnerable parameters `keyword`, `body`, and `subject` in the affected API endpoints until the issue is resolved. As a temporary workaround, consider restricting access to "search.php" and forum message posting until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PBLang version 4.65 **Description** The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various means, including the search string to the "search.php" endpoint, the subject of a private message processed by "pm.php", or the body of a private message processed by "pmpshow.php". **Recommendations** For PBLang version 4.65, consider disabling the search functionality in "search.php", restricting user input in the subject and body of private messages processed by "pm.php" and "pmpshow.php" respectively, until a fix is available.