Sazzad Mahmud Tomal

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (Chromium-based) (affected versions not specified) **Description** The issue is related to errors in the representation of information by the user interface, allowing an unauthorized attacker to perform spoofing attacks over a network. This can be exploited by a remote attacker. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Edge (Chromium-based) versions up to 131.0.2903.63 Description: A spoofing vulnerability exists in Microsoft Edge, which is based on Chromium. The vulnerability may allow a remote attacker to conduct spoofing attacks by exploiting errors in the user interface's representation of information. The issue can cause the UI to perform wrong actions. Recommendations: For versions up to 131.0.2903.63, upgrade the affected component immediately to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (Chromium-based) versions up to 131.0.2903.48 **Description** The Microsoft Edge browser, specifically the Chromium-based version, is affected by a spoofing issue that can be remotely exploited. Users should upgrade Microsoft Edge to the latest version as soon as possible to mitigate this issue. **Recommendations** For Microsoft Edge (Chromium-based) versions up to 131.0.2903.48, upgrade to the latest version as soon as possible to resolve the issue. As a temporary workaround, consider restricting access to sensitive information until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 127.0.6533.72 Microsoft Edge (affected versions not specified) **Description** The issue is related to insufficient validation of untrusted input in the Safe Browsing service, which could allow a remote attacker to bypass discretionary access control via a malicious file. This could be achieved if the attacker convinces a user to engage in specific UI gestures. The vulnerability may also lead to a denial of service. **Recommendations** For Google Chrome versions prior to 127.0.6533.72, update to version 127.0.6533.72 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (Chromium-based) versions prior to 124.0.2478.97 **Description** The issue is related to errors in the representation of information by the user interface, which can be exploited by a remote attacker to conduct spoofing attacks. There are no known exploits yet, but it is recommended to patch as soon as possible for defense-in-depth. **Recommendations** For versions prior to 124.0.2478.97, upgrade to version 124.0.2478.97 or later to mitigate the risk of remote exploitation. As a temporary workaround, consider restricting access to sensitive information until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Samsung Internet versions prior to v24.0.0.0 **Description** The issue is related to missing proper interaction for opening deeplinks in Samsung Internet, allowing remote attackers to open an application without proper interaction. **Recommendations** For versions prior to v24.0.0.0, update to version v24.0.0.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (Chromium-based) (affected versions not specified) **Description** The issue is related to errors in presenting information to the user interface, which can allow a remote attacker to conduct spoofing attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (Chromium-based) (affected versions not specified) **Description** The issue is related to errors in the representation of information by the user interface, which can be exploited by a remote attacker to perform a spoofing attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.