Rebane2001

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 146.0.7680.71 **Description** A flaw exists in Google Chrome's DevTools due to insufficient policy enforcement. This allows a remote attacker to bypass navigation restrictions through a specially crafted HTML page. The Chromium security severity is rated as Low. **Recommendations** Update Google Chrome to version 146.0.7680.71 or later.

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A policy bypass issue existed in Blink, a component of Google Chrome. This allowed a remote attacker to perform UI spoofing by using a specially crafted HTML page. The Chromium security severity is rated as Medium. Recommendations Update Google Chrome to version 147.0.7727.55 or later.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 138.0.7204.49 Description: A use after free issue in the Animation component of Google Chrome allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could lead to remote heap corruption attacks. Recommendations: For Google Chrome versions prior to 138.0.7204.49, update to version 138.0.7204.49 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A flaw in policy enforcement within the browser's user interface allowed a remote attacker who had already compromised the renderer process to manipulate the Omnibox (URL bar) by presenting a crafted HTML page. This could lead to the spoofing of the URL displayed in the address bar. Recommendations Update Google Chrome to version 147.0.7727.55 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 16.7.6 iPadOS versions prior to 16.7.6 iOS versions prior to 17.4 iPadOS versions prior to 17.4 macOS Sonoma versions prior to 14.4 **Description** The issue was addressed with improved checks. Processing web content may lead to a denial-of-service. **Recommendations** For iOS versions prior to 16.7.6, update to iOS 16.7.6 or later. For iPadOS versions prior to 16.7.6, update to iPadOS 16.7.6 or later. For iOS versions prior to 17.4, update to iOS 17.4 or later. For iPadOS versions prior to 17.4, update to iPadOS 17.4 or later. For macOS Sonoma versions prior to 14.4, update to macOS Sonoma 14.4 or later.

**Name of the Vulnerable Software and Affected Versions** visionOS versions prior to 1.1 iOS versions prior to 17.4 iPadOS versions prior to 17.4 **Description** The issue was addressed with improved handling of caches. An app may be able to fingerprint the user. **Recommendations** For visionOS versions prior to 1.1, update to visionOS 1.1 to resolve the issue. For iOS versions prior to 17.4, update to iOS 17.4 to resolve the issue. For iPadOS versions prior to 17.4, update to iPadOS 17.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iPadOS versions prior to 17.4 iOS versions prior to 17.4 macOS versions prior to 13.6.7 watchOS (affected versions not specified) visionOS (affected versions not specified) tvOS (affected versions not specified) iOS 16.7.8 iPadOS 16.7.8 **Description** The issue is a memory corruption flaw stemming from writing beyond allocated buffer boundaries in memory. Apple is aware of reports indicating potential exploitation of this issue. An attacker with arbitrary kernel read and write capabilities could bypass kernel memory protections. The issue was addressed through improved validation. **Recommendations** Update iPadOS to version 17.4 or later. Update iOS to version 17.4 or later. Update macOS to version 13.6.7 or later. Update iOS to version 16.7.8. Update iPadOS to version 16.7.8.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 121.0.6167.85 Microsoft Edge (affected versions not specified) **Description** The issue is related to an integer underflow in the WebUI of Google Chrome and Microsoft Edge, which could allow a remote attacker to potentially exploit heap corruption via a malicious file. This could lead to the execution of arbitrary code. The Chromium security severity of this issue is High. **Recommendations** For Google Chrome versions prior to 121.0.6167.85, update to version 121.0.6167.85 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 147.0.7727.55 **Description** A side-channel information leakage issue existed in the Navigation component of Google Chrome. This allowed a remote attacker to leak cross-origin data through a specially crafted HTML page. The Chromium security severity was assessed as Medium. **Recommendations** Update Google Chrome to version 147.0.7727.55 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 130.0.6723.58 Microsoft Edge (affected versions not specified) **Description** The issue is related to an inappropriate implementation of PictureInPicture in Google Chrome and Microsoft Edge, which allowed a remote attacker to perform UI spoofing via a crafted HTML page. This could enable an attacker to trick users with fake user interfaces. **Recommendations** For Google Chrome versions prior to 130.0.6723.58, update to version 130.0.6723.58 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.