Sehwa

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 107.0.5304.62 Chromium versions prior to 107.0.5304.62 Yandex Browser versions prior to 23.1.2.1033-alt1 Chromium-Gost versions prior to 107.0.5304.87-alt1 Chromium-Gost versions prior to 110.0.5481.177-alt1.p10.1 Chromium versions 107.0.5304.68-1~deb11u1 Ungoogled-Chromium versions prior to 113.0.5672.92-1.1 Chromedriver versions prior to 107.0.5304.87-1.1 **Description** A heap buffer overflow exists in the Vulkan component of Google Chrome, Chromium, Yandex Browser, Chromium-Gost, and related projects. This issue could allow a remote attacker to potentially exploit heap corruption through a specially crafted HTML page. The vulnerability affects the dynamic memory allocation within the Vulkan rendering mode. Exploitation may allow a remote attacker to execute arbitrary code. **Recommendations** Google Chrome versions prior to 107.0.5304.62: Upgrade to version 107.0.5304.62 or later. Chromium versions prior to 107.0.5304.62: Upgrade to version 107.0.5304.62 or later. Yandex Browser versions prior to 23.1.2.1033-alt1: Upgrade to version 23.1.2.1033-alt1 or later. Chromium-Gost versions prior to 107.0.5304.87-alt1: Upgrade to version 107.0.5304.87-alt1 or later. Chromium-Gost versions prior to 110.0.5481.177-alt1.p10.1: Upgrade to version 110.0.5481.177-alt1.p10.1 or later. Chromium versions prior to 107.0.5304.68-1~deb11u1: Upgrade to version 107.0.5304.68-1~deb11u1 or later. Ungoogled-Chromium versions prior to 113.0.5672.92-1.1: Upgrade to version 113.0.5672.92-1.1 or later. Chromedriver versions prior to 107.0.5304.87-1.1: Upgrade to version 107.0.5304.87-1.1 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 102.0.5005.115 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free in the ANGLE library, which can lead to heap corruption. A remote attacker can potentially exploit this issue via a crafted HTML page, allowing them to execute arbitrary code or cause a denial of service. **Recommendations** For Google Chrome versions prior to 102.0.5005.115, update to version 102.0.5005.115 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 102.0.5005.61 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free in the ANGLE library, which can be exploited by a remote attacker to potentially execute arbitrary code via a crafted HTML page. This can lead to heap corruption. **Recommendations** For Google Chrome versions prior to 102.0.5005.61, update to version 102.0.5005.61 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 101.0.4951.64 **Description** The issue is related to a use after free in the ANGLE library of Google Chrome, which can lead to heap corruption. This can potentially allow a remote attacker to execute arbitrary code via a crafted HTML page. **Recommendations** For versions prior to 101.0.4951.64, update to version 101.0.4951.64 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 101.0.4951.41 **Description** The issue is related to a use after free in SwiftShader, which can potentially allow a remote attacker to exploit heap corruption via a crafted HTML page. This could enable the attacker to execute arbitrary code. **Recommendations** For Google Chrome versions prior to 101.0.4951.41, update to version 101.0.4951.41 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 101.0.4951.41 **Description** The issue is related to a use after free in Vulkan, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could lead to arbitrary code execution. The vulnerability was discovered by SeongHwan Park and was rewarded with a $10,000 bounty. Google has released Chrome 101 with 30 security fixes, including this vulnerability. **Recommendations** For Google Chrome versions prior to 101.0.4951.41, update to Chrome 101.0.4951.41 or later to resolve the issue. As a temporary workaround, consider avoiding the use of Vulkan in Google Chrome until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 99.0.4844.74 **Description** The issue is related to a use after free vulnerability in the ANGLE library used by Google Chrome and Microsoft Edge browsers. This vulnerability can be exploited by a remote attacker using a specially crafted HTML page, potentially allowing the execution of arbitrary code or causing a denial of service due to heap corruption. **Recommendations** For Google Chrome versions prior to 99.0.4844.74, update to version 99.0.4844.74 or later to resolve the issue. At the moment, there is no information about a fix for Microsoft Edge.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 98.0.4758.80 **Description** The issue is related to a heap buffer overflow in the ANGLE library of Google Chrome, which could allow a remote attacker to exploit heap corruption. This can be achieved via a crafted HTML page. The vulnerability may enable a remote attacker to bypass existing security restrictions. **Recommendations** For versions prior to 98.0.4758.80, update to version 98.0.4758.80 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 99.0.4844.51 **Description** The issue is related to a heap buffer overflow in the ANGLE library used by Google Chrome and potentially other browsers like Microsoft Edge. This could allow a remote attacker to exploit heap corruption via a crafted HTML page, potentially leading to a denial of service. **Recommendations** For Google Chrome versions prior to 99.0.4844.51, update to version 99.0.4844.51 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 92.0.4515.159 **Description** The issue is related to a use after free in the ANGLE library of Google Chrome, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could potentially lead to arbitrary code execution. **Recommendations** For versions prior to 92.0.4515.159, update to version 92.0.4515.159 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 91.0.4472.164 **Description** The issue is related to an out of bounds write in the ANGLE library of Google Chrome, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could lead to a denial of service. **Recommendations** For Google Chrome versions prior to 91.0.4472.164, update to version 91.0.4472.164 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially malicious HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 91.0.4472.101 Mozilla Thunderbird (affected versions not specified) **Description** The issue is related to an out of bounds write, which can potentially allow a remote attacker to perform out of bounds memory access. This can be achieved via a crafted HTML page. The estimated number of potentially affected devices and details about real-world incidents are not provided. **Recommendations** For Google Chrome versions prior to 91.0.4472.101, update to version 91.0.4472.101 or later to resolve the issue. For Mozilla Thunderbird, at the moment, there is no information about a newer version that contains a fix for this vulnerability.