Sergei Glazunov

**Name of the Vulnerable Software and Affected Versions** libxml2 and libxslt versions prior to 2.12.7+dfsg+really2.9.14-0.4ubuntu0.4 libxslt versions 1.1.35-1.2+deb13u1 libxml2 versions prior to 2.9.14+dfsg-1.3~deb12u4 libxml2 versions prior to 2.12.7+dfsg+really2.9.14-2.1+deb13u1 SLE 15 SP7 **Description** A heap use-after-free vulnerability exists in libxml2 and libxslt due to improper handling of attribute types, specifically the `atype` flags. This flaw occurs when processing certain XSLT operations, leading to memory corruption. Exploitation can result in crashes or potentially allow an attacker to execute arbitrary code. The vulnerability impacts various systems, including AWS Lambda base images and Oracle Linux. **Recommendations** Update libxml2 to version 2.12.7+dfsg+really2.9.14-0.4ubuntu0.4 or later. Update libxslt to a version later than 1.1.35-1.2+deb13u1. Update libxml2 to version 2.9.14+dfsg-1.3~deb12u4 or later. Update libxml2 to version 2.12.7+dfsg+really2.9.14-2.1+deb13u1 or later. Apply the security patches for SLE 15 SP7.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 119.0.6045.159 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free vulnerability in the Navigation component of Google Chrome and Microsoft Edge browsers. This vulnerability can be exploited by a remote attacker using a specially crafted HTML page, potentially allowing the execution of arbitrary code. The severity of this issue is considered high. **Recommendations** For Google Chrome versions prior to 119.0.6045.159, update to version 119.0.6045.159 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 116.0.5845.110 **Description** The issue is related to an out of bounds memory access in V8, allowing a remote attacker to perform an out of bounds memory read via a crafted HTML page. This can potentially impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Google Chrome versions prior to 116.0.5845.110, update to version 116.0.5845.110 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 116.0.5845.96 **Description** The issue is related to type confusion in V8, a JavaScript engine used by Google Chrome, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could lead to arbitrary code execution. The severity of this issue is classified as High by Chromium security. **Recommendations** For Google Chrome versions prior to 116.0.5845.96, update to version 116.0.5845.96 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted HTML pages that could trigger the type confusion vulnerability in V8 until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 116.0.5845.96 **Description** The issue is related to an out of bounds memory access in V8, a component of Google Chrome, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. The severity of this issue is classified as High by Chromium security. **Recommendations** For Google Chrome versions prior to 116.0.5845.96, update to version 116.0.5845.96 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted HTML pages that could trigger the out of bounds memory access in V8. Restrict access to potentially vulnerable web pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 114.0.5735.133 **Description** The issue is related to a use after free vulnerability in the WebXR component of Google Chrome, which can lead to heap corruption. This can potentially allow a remote attacker to execute arbitrary code via a crafted HTML page. **Recommendations** For versions prior to 114.0.5735.133, update to version 114.0.5735.133 or later to resolve the issue. As a temporary workaround, consider restricting access to WebXR functionality until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 114.0.5735.90 **Description** The issue is related to a type confusion in the V8 JavaScript engine, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could lead to a denial of service or the execution of arbitrary code. The estimated number of potentially affected devices is not specified. **Recommendations** For versions prior to 114.0.5735.90, update to version 114.0.5735.90 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 114.0.5735.90 **Description** The issue is related to a type confusion in the V8 JavaScript engine, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could lead to a denial of service or the execution of arbitrary code. The severity of this issue is classified as High by Chromium. **Recommendations** For versions prior to 114.0.5735.90, update to version 114.0.5735.90 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted HTML pages that could exploit the type confusion in the V8 JavaScript engine until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 113.0.5672.126 **Description** The issue is related to type confusion in the V8 JavaScript engine, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could impact the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 113.0.5672.126, update to version 113.0.5672.126 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 111.0.5563.64 **Description** The issue is related to a heap buffer overflow in the UMA (User Metrics Analysis) component of Google Chrome when processing HTML content. This can be exploited by a remote attacker using a specially crafted HTML page, potentially compromising the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 111.0.5563.64, update to version 111.0.5563.64 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 111.0.5563.64 **Description** A heap buffer overflow issue in the Metrics component of Google Chrome allows a remote attacker who has compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. This could impact the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 111.0.5563.64, update to version 111.0.5563.64 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 108.0.5359.71 **Description** The issue is related to an inappropriate implementation in Blink, allowing a remote attacker to perform arbitrary read/write via a crafted HTML page. This is due to a use-after-free vulnerability in the page display mechanism. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For Google Chrome versions prior to 108.0.5359.71, update to version 108.0.5359.71 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted HTML pages until the update is applied. Avoid using the vulnerable Blink component in Google Chrome until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 107.0.5304.62 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free in the Layout component, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. The severity of this issue is considered high. **Recommendations** For Google Chrome versions prior to 107.0.5304.62, update to version 107.0.5304.62 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 108.0.5359.71 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free in the Audio component, allowing an attacker to potentially exploit heap corruption via a crafted Chrome Extension. This could be achieved if the attacker convinces a user to install a malicious extension. The exploitation of this issue may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For Google Chrome versions prior to 108.0.5359.71, update to version 108.0.5359.71 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 108.0.5359.71 **Description** The issue is related to a use after free vulnerability in the Mojo component of Google Chrome and Microsoft Edge browsers. This vulnerability allows a remote attacker to access confidential data, compromise data integrity, and cause a denial of service using a specially crafted HTML page. The exploitation of this issue can potentially lead to heap corruption via a crafted HTML page, especially if the renderer process has been compromised. **Recommendations** For Google Chrome versions prior to 108.0.5359.71, update to version 108.0.5359.71 or later to resolve the issue. At the moment, there is no information about a fix for Microsoft Edge.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 105.0.5195.125 **Description** The issue is related to a use after free in Passwords, allowing a remote attacker who has compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. **Recommendations** For Google Chrome versions prior to 105.0.5195.125, update to version 105.0.5195.125 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 105.0.5195.52 **Description** The issue is related to a use-after-free vulnerability in the Network Service of Google Chrome and Microsoft Edge browsers. This vulnerability can be exploited by a remote attacker to potentially execute arbitrary code via heap corruption using a crafted HTML page. **Recommendations** For Google Chrome versions prior to 105.0.5195.52, update to version 105.0.5195.52 or later to resolve the issue. At the moment, there is no information about a fix for Microsoft Edge.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 104.0.5112.101 Microsoft Edge (affected versions not specified) **Description** A use after free in FedCM allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. The vulnerability is related to the use of memory after it has been freed, which could allow a remote attacker to execute arbitrary code. The issue is associated with the Federated Credential Management (FedCM) API, which enables the creation of unified identity services that preserve privacy and work without cross-site tracking mechanisms, such as third-party cookie handling. **Recommendations** For Google Chrome versions prior to 104.0.5112.101, update to version 104.0.5112.101 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 104.0.5112.101 **Description** The issue is related to a use after free in Browser Creation, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page if the user engages in a specific UI interaction. This could lead to arbitrary code execution. **Recommendations** For Google Chrome versions prior to 104.0.5112.101, update to version 104.0.5112.101 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 104.0.5112.101 Microsoft Edge (affected versions not specified) **Description** The issue is related to a heap buffer overflow in the Downloads function of the browsers, which can be exploited by a remote attacker using a specially crafted web page. This could potentially allow the execution of arbitrary code. The estimated number of potentially affected devices is not specified. **Recommendations** For Google Chrome versions prior to 104.0.5112.101, update to version 104.0.5112.101 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.