Ret2Happy

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 144.0.7559.132 **Description** A type confusion issue exists in the V8 engine within Google Chrome. This can lead to heap corruption when processing specially crafted HTML pages. A proof-of-concept (PoC) has been developed to leak hole values related to this issue. **Recommendations** Update Google Chrome to version 144.0.7559.132 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 137.0.7151.119 Chromium in Debian Linux (affected versions not specified) **Description** A use after free issue in Metrics allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. The severity of this issue is considered High. **Recommendations** For Google Chrome versions prior to 137.0.7151.119, update to version 137.0.7151.119 or later. For Chromium in Debian Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 117.0.5938.62 **Description** The issue is related to an out of bounds write in SwiftShader, a library used by Google Chrome. This allows a remote attacker to perform an out of bounds memory write via a crafted HTML page, potentially enabling the execution of arbitrary code. The severity of this issue is classified as High by Chromium security. **Recommendations** For Google Chrome versions prior to 117.0.5938.62, update to version 117.0.5938.62 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 103.0.5060.134 **Description** The issue is related to a use after free vulnerability in the Cast UI and Toolbar of Google Chrome, which could allow an attacker to exploit heap corruption via UI interaction if a user is convinced to install a malicious extension. This vulnerability may also be related to remote code execution. **Recommendations** For Google Chrome versions prior to 103.0.5060.134, update to version 103.0.5060.134 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 102.0.5005.61 **Description** The issue is related to a use after free in the UI of Google Chrome, which allows a remote attacker to perform arbitrary read/write via a crafted HTML page. This can potentially enable an attacker to access or modify files on the system. The severity of this issue is classified as Medium by Chromium security. **Recommendations** For Google Chrome versions prior to 102.0.5005.61, update to version 102.0.5005.61 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted HTML pages until the update is applied.