Foxit · Foxit PDF Editor · CVE-2022-37376
**Name of the Vulnerable Software and Affected Versions**
Foxit PDF Editor version 11.1.1.53537
**Description**
This issue allows remote attackers to disclose sensitive information on affected installations. User interaction is required: the target must visit a malicious page or open a malicious file. The flaw exists in the handling of arrays in JavaScript. An attacker can trigger a read past the end of an allocated object and can potentially leverage this in conjunction with other issues to execute arbitrary code in the context of the current process.
**Recommendations**
For Foxit PDF Editor version 11.1.1.53537, consider disabling JavaScript handling until a patch is available to prevent exploitation. Restrict access to potentially malicious pages or files to minimize the risk of sensitive information disclosure. There is currently no information about a newer version that contains a fix for this vulnerability.