Google · Google Chrome · CVE-2025-10201
**Name of the Vulnerable Software and Affected Versions**
Chromium versions prior to 140.0.7339.127
Chromium versions 140.0.7339.127-1~deb12u1 through 140.0.7339.127-1~deb13u1
Chromium version 141.0.7390.76-alt0.p11.1
**Description**
The issue is an inappropriate implementation in the Mojo IPC library used by the Google Chrome and Microsoft Edge browsers. This access control flaw could allow a remote attacker to bypass security restrictions. Exploitation may involve a crafted HTML page that bypasses site isolation. The vulnerability affects systems running Google Chrome on Android, Linux, and ChromeOS. The `ChannelPosix` component of the `Mojo` library incorrectly handles a large number of file descriptors in a message, potentially leading to file descriptor confusion.
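
The description attributes the flaw to how a message carrying many file descriptors is handled on a POSIX channel. The following added example is not Chromium's code and does not reconstruct the bug; it shows, for a generic Unix-socket receiver, the checks that keep the attached descriptors and the message's declared count from getting out of step. The 1-byte count header, `MAX_FDS`, and both function names are assumptions made for this illustration.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

#define MAX_FDS 8 /* assumed per-message limit for this example */
/* Send a 1-byte header (the declared fd count) with n descriptors attached. */
int send_fds(int sock, const int *fds, int n, unsigned char declared) {
    _Alignas(struct cmsghdr) char cbuf[CMSG_SPACE(sizeof(int) * 32)];
    if (n < 1 || n > 32) return -1;
    memset(cbuf, 0, sizeof cbuf);
    struct iovec iov = { &declared, 1 };
    struct msghdr msg = {0};
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = cbuf; msg.msg_controllen = CMSG_SPACE(sizeof(int) * n);
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int) * n);
    memcpy(CMSG_DATA(c), fds, sizeof(int) * n);
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one message. Returns the descriptor count only if it matches the
 * declared count; otherwise closes every descriptor received and returns -1. */
int recv_fds_checked(int sock, int *out) {
    _Alignas(struct cmsghdr) char cbuf[CMSG_SPACE(sizeof(int) * MAX_FDS)];
    unsigned char declared = 0;
    struct iovec iov = { &declared, 1 };
    struct msghdr msg = {0};
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = cbuf; msg.msg_controllen = sizeof cbuf;
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    /* MSG_CTRUNC: the kernel dropped descriptors that did not fit in cbuf. */
    int got = 0, bad = (msg.msg_flags & MSG_CTRUNC) != 0;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) continue;
        size_t k = (c->cmsg_len - CMSG_LEN(0)) / sizeof(int);
        for (size_t i = 0; i < k; i++) {
            int fd; memcpy(&fd, CMSG_DATA(c) + i * sizeof(int), sizeof fd);
            if (got < MAX_FDS) out[got++] = fd; else { close(fd); bad = 1; }
        }
    }
    if (bad || got != declared) {
        for (int i = 0; i < got; i++) close(out[i]);
        return -1;
    }
    return got;
}
```

A receiver that skips the `MSG_CTRUNC` check would accept a truncated descriptor set as complete whenever the truncated count happens to equal the declared one.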
**Recommendations**
Chromium versions prior to 140.0.7339.127: Upgrade to version 140.0.7339.127 or later.
Chromium versions 140.0.7339.127-1~deb12u1 through 140.0.7339.127-1~deb13u1: Upgrade to a version later than 140.0.7339.127-1~deb13u1.
Chromium version 141.0.7390.76-alt0.p11.1: No further action is required.