Rong Jian

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 114.0.5735.133 **Description** The issue is related to a use after free in Autofill payments, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could lead to arbitrary code execution. **Recommendations** For versions prior to 114.0.5735.133, update to version 114.0.5735.133 or later to resolve the issue. As a temporary workaround, consider disabling the Autofill payments feature until a patch is available. Restrict access to potentially vulnerable web pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 113.0.5672.126 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free vulnerability in the Autofill UI of Google Chrome and Microsoft Edge browsers. This vulnerability can be exploited by a remote attacker using a crafted HTML page, potentially leading to heap corruption. The exploitation of this vulnerability may impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Google Chrome versions prior to 113.0.5672.126, update to version 113.0.5672.126 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 112.0.5615.137 **Description** The issue is related to an out of bounds memory access in the Service Worker API of Google Chrome, which can be exploited by a remote attacker using a specially crafted HTML page. This could potentially lead to heap corruption and allow the attacker to execute arbitrary code. **Recommendations** For versions prior to 112.0.5615.137, update to version 112.0.5615.137 or later to resolve the issue. As a temporary workaround, consider restricting access to the Service Worker API until a patch is applied. Avoid using the Service Worker API in sensitive operations until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 104.0.5112.101 Microsoft Edge (affected versions not specified) **Description** The issue is related to an inappropriate implementation of the Extensions API, which allowed an attacker to inject arbitrary scripts into the WebUI via a crafted HTML page if a user was convinced to install a malicious extension. This could potentially disclose protected information. **Recommendations** For Google Chrome versions prior to 104.0.5112.101, update to version 104.0.5112.101 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 97.0.4692.99 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free in the Bookmarks component, which can lead to heap corruption. A remote attacker who convinces a user to engage in specific interactions can potentially exploit this issue via a crafted HTML page. This can allow the attacker to execute arbitrary code. **Recommendations** For Google Chrome versions prior to 97.0.4692.99, update to version 97.0.4692.99 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 90.0.4430.212 **Description** The issue is related to a use after free in the File API, which could allow a remote attacker to exploit heap corruption via a crafted HTML page. This may lead to unauthorized access to confidential data, disruption of data integrity, and potentially cause a denial of service. **Recommendations** For versions prior to 90.0.4430.212, update to version 90.0.4430.212 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted HTML pages that could exploit the use after free in the File API until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 87.0.4280.141 **Description** The issue is related to the use of previously freed memory in payments, allowing a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. This could impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Google Chrome versions prior to 87.0.4280.141, update to version 87.0.4280.141 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and avoiding the use of potentially vulnerable payment functions until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 87.0.4280.66 **Description** The issue is related to insufficient data validation in the WebAssembly (WASM) implementation in Google Chrome, which could allow a remote attacker to potentially exploit heap corruption. This can be achieved via a crafted HTML page. The vulnerability may enable the attacker to execute arbitrary code. **Recommendations** For versions prior to 87.0.4280.66, update to version 87.0.4280.66 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 87.0.4280.66 **Description** The issue is related to a use after free in PPAPI, which could allow a remote attacker who has compromised the renderer process to potentially perform a sandbox escape. This can be achieved via a crafted HTML page. The attacker may be able to execute arbitrary code. **Recommendations** For versions prior to 87.0.4280.66, update to version 87.0.4280.66 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable PPAPI components until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 79.0.3945.79 **Description** The issue is related to an out of bounds write in JavaScript, which could potentially allow a remote attacker to exploit heap corruption. This can be achieved via a crafted HTML page, potentially leading to unauthorized access to protected information and disruption of its integrity and availability. **Recommendations** For versions prior to 79.0.3945.79, update to version 79.0.3945.79 or later to resolve the issue.