Renan Rios

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 128.0.6613.137 Microsoft Edge (affected versions not specified) **Description** A heap buffer overflow in the Skia library of Google Chrome and Microsoft Edge exists due to a boundary error when processing untrusted HTML content. This issue allows a remote attacker to potentially exploit heap corruption via a crafted HTML page, which may lead to remote code execution. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For Google Chrome versions prior to 128.0.6613.137, update to version 128.0.6613.137 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the Skia library until a patch is available. Avoid using the Skia component in Google Chrome until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 128.0.6613.113 **Description** The issue is related to a heap buffer overflow in the Skia graphics library of Google Chrome, which can be exploited by a remote attacker who has compromised the renderer process. This can potentially allow the attacker to execute arbitrary code via a crafted HTML page. The severity of this issue is considered high. **Recommendations** For versions prior to 128.0.6613.113, update to version 128.0.6613.113 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 128.0.6613.84 **Description** The issue is related to out of bounds memory access in the Skia library used by Google Chrome. This allows a remote attacker who has compromised the renderer process to perform out of bounds memory access via a crafted HTML page. The attacker can potentially execute arbitrary code. **Recommendations** For Google Chrome versions prior to 128.0.6613.84, update to version 128.0.6613.84 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 128.0.6613.113 **Description** The issue is related to a heap buffer overflow in the Skia graphics library of Google Chrome, which can be exploited by a remote attacker who has compromised the renderer process. This can potentially lead to heap corruption via a crafted HTML page. The severity of this issue is considered high. **Recommendations** For Google Chrome versions prior to 128.0.6613.113, update to version 128.0.6613.113 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 122 Firefox ESR versions prior to 115.7 Thunderbird versions prior to 115.7 ANGLE (affected versions not specified) **Description** The issue is related to an out of bounds write in the ANGLE library, which could allow a remote attacker to corrupt memory, leading to a potentially exploitable crash. This may result in a denial of service. **Recommendations** For Firefox versions prior to 122, update to version 122 or later. For Firefox ESR versions prior to 115.7, update to version 115.7 or later. For Thunderbird versions prior to 115.7, update to version 115.7 or later. As a temporary workaround, consider restricting the use of the ANGLE library until a patch is available.