Sorrymybad

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 110.0.5481.77 **Description** The issue is related to an integer overflow in the Core component of Google Chrome, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page, especially if a race condition is met. This could lead to memory damage and potentially elevate privileges to the root level. **Recommendations** For versions prior to 110.0.5481.77, update to version 110.0.5481.77 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted HTML pages until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Apple tvOS versions prior to 15.5 Apple iOS versions prior to 15.5 Apple iPadOS versions prior to 15.5 Apple watchOS versions prior to 8.6 Apple macOS Monterey versions prior to 12.4 Apple Safari versions prior to 15.5 **Description** A memory corruption issue was addressed with improved state management. Processing maliciously crafted web content may lead to arbitrary code execution. The issue is related to insufficient input validation in WebKitGTK and WPE WebKit modules, which can be exploited by a remote attacker to execute arbitrary code or cause a denial of service. **Recommendations** For Apple tvOS versions prior to 15.5, update to tvOS 15.5 to resolve the issue. For Apple iOS versions prior to 15.5, update to iOS 15.5 to resolve the issue. For Apple iPadOS versions prior to 15.5, update to iPadOS 15.5 to resolve the issue. For Apple watchOS versions prior to 8.6, update to watchOS 8.6 to resolve the issue. For Apple macOS Monterey versions prior to 12.4, update to macOS Monterey 12.4 to resolve the issue. For Apple Safari versions prior to 15.5, update to Safari 15.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 94.0.4606.54 **Description** The issue is related to a use after free in the File System API, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Google Chrome versions prior to 94.0.4606.54, update to version 94.0.4606.54 or later to resolve the issue. As a temporary workaround, consider restricting access to the File System API until a patch is applied. Avoid using the File System API in affected versions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 94.0.4606.54 **Description** The issue is related to the Background Fetch API in Google Chrome, which can lead to information disclosure in the error domain. A remote attacker who has compromised the renderer process can exploit this to leak cross-origin data via a crafted HTML page. **Recommendations** For versions prior to 94.0.4606.54, update to version 94.0.4606.54 or later to resolve the issue. As a temporary workaround, consider restricting access to the Background Fetch API until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 93.0.4577.82 **Description** The issue is related to an inappropriate implementation in Blink, allowing a remote attacker who has compromised the renderer process to leak cross-origin data via a crafted HTML page. This could potentially lead to a denial of service. The vulnerability is also present in Microsoft Edge, as it uses the same Blink module. **Recommendations** For Google Chrome versions prior to 93.0.4577.82, update to version 93.0.4577.82 or later to resolve the issue. At the moment, there is no information about a fix for Microsoft Edge.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 92.0.4515.131 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free in the File System API, which can be exploited by a remote attacker to potentially execute arbitrary code via a crafted HTML page. This can lead to heap corruption. The attacker can exploit this issue by using a specially crafted web page. **Recommendations** For Google Chrome versions prior to 92.0.4515.131, update to version 92.0.4515.131 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.