Retsew0X01

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 135.0.7049.95 **Description** A use after free issue in the USB component of Google Chrome allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This issue is related to the `UsbChooserController` holding a raw pointer to the requesting `RenderFrameHost`, which is destroyed before the chooser controller, resulting in a use after free condition. The estimated severity of this issue is high. **Recommendations** For Google Chrome versions prior to 135.0.7049.95, update to version 135.0.7049.95 or later to resolve the issue. As a temporary workaround, consider restricting access to USB-related features in Google Chrome until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 129.0.6668.58 Microsoft Edge (affected versions not specified) **Description** The issue is related to incorrect security UI in the Downloads component, allowing a remote attacker to perform UI spoofing via a crafted HTML page if the user is convinced to engage in specific UI gestures. This can be achieved by exploiting errors in the representation of information in the user interface. **Recommendations** For Google Chrome versions prior to 129.0.6668.58, update to version 129.0.6668.58 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the Downloads component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 121.0.6167.85 **Description** The issue is related to a use after free vulnerability in the Reading Mode of Google Chrome, which can lead to heap corruption. This can potentially allow a remote attacker to execute arbitrary code if a user is convinced to install a malicious extension and interacts with the UI in a specific way. **Recommendations** For Google Chrome versions prior to 121.0.6167.85, update to version 121.0.6167.85 or later to resolve the issue. As a temporary workaround, consider avoiding the use of Reading Mode or restricting the installation of extensions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome on iOS versions prior to 116.0.5845.96 **Description** The issue is related to an inappropriate implementation in the App Launcher of Google Chrome, allowing a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. This could enable the attacker to bypass existing security restrictions. **Recommendations** For Google Chrome on iOS versions prior to 116.0.5845.96, update to version 116.0.5845.96 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome for Android versions prior to 92.0.4515.107 **Description** The issue is related to insufficient policy enforcement in Android intents in Google Chrome, allowing a remote attacker to bypass security restrictions and gain unauthorized access to sensitive information by opening a specially crafted malicious web page. This can occur if a user is convinced to install a malicious application. The attacker can then obtain potentially sensitive information via a crafted HTML page. **Recommendations** For Google Chrome for Android versions prior to 92.0.4515.107, update to version 92.0.4515.107 or later to resolve the issue. As a temporary workaround, consider avoiding the installation of applications from untrusted sources and being cautious when opening links from unknown origins. Restrict access to sensitive information and avoid using the browser for sensitive activities until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome on Android versions prior to 92.0.4515.107 **Description** The issue is related to insufficient validation of user-input data in the Downloads directory, allowing a remote attacker to conduct domain spoofing attacks using a specially crafted HTML page. This can be achieved through a crafted web page. **Recommendations** For Google Chrome on Android versions prior to 92.0.4515.107, update to version 92.0.4515.107 or later to resolve the issue. As a temporary workaround, consider restricting access to the Downloads directory to minimize the risk of exploitation. Avoid using the `Downloads` directory in affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Google Chrome on Android versions prior to 90.0.4430.212 **Description** The issue is related to incorrect security UI in Web App Installs, allowing an attacker to inject scripts or HTML into a privileged page via a crafted HTML page if they convince a user to install a web application. This could enable a remote attacker to redirect users to a malicious web page. **Recommendations** For Google Chrome on Android versions prior to 90.0.4430.212, update to version 90.0.4430.212 or later to resolve the issue. As a temporary workaround, consider avoiding the installation of web applications from untrusted sources until the update is applied.