Soroush Karami

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 111.0.5563.64 Microsoft Edge (affected versions not specified) **Description** The issue is related to insufficient policy enforcement in Resource Timing, which could allow an attacker to obtain potentially sensitive information from an API via a crafted Chrome Extension. This could happen if a user is convinced to install a malicious extension. The severity of this issue is considered low. **Recommendations** For Google Chrome versions prior to 111.0.5563.64, update to version 111.0.5563.64 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 83.0.4103.61 **Description** The issue is related to insufficient policy enforcement in Blink, a component of Google Chrome, allowing a remote attacker to obtain potentially sensitive information from process memory. This can be achieved via a crafted HTML page. **Recommendations** For versions prior to 83.0.4103.61, update to version 83.0.4103.61 or later to resolve the issue.