Sweetchip

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 149.0.7827.53 **Description** A use after free issue exists in FullScreen on Windows. This allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a specially crafted HTML page. Use after free is a memory corruption flaw that occurs when an application continues to use a pointer after it has been freed. **Recommendations** Update to version 149.0.7827.53 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 149.0.7827.53 **Description** An out of bounds write occurs in ANGLE, which is a compatibility layer that allows OpenGL ES to run on various graphics APIs. This issue allows a remote attacker to potentially exploit heap corruption, a condition where memory is written outside the allocated boundaries of the heap, by using a crafted HTML page. **Recommendations** Update to version 149.0.7827.53 or later.

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 146.0.7680.178 Description A use-after-free issue in Dawn within Google Chrome, prior to version 146.0.7680.178, could allow a remote attacker to execute arbitrary code through a specially crafted HTML page. The Chromium security severity is rated as High. Recommendations Update Google Chrome to version 146.0.7680.178 or later.

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 146.0.7680.178 Description A flaw exists in ANGLE within Google Chrome, potentially allowing a remote attacker to access data from different origins through a specially designed HTML page. This issue is categorized as having high severity. Recommendations Update Google Chrome to version 146.0.7680.178 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 146.0.7680.153 **Description** An integer overflow in the Dawn renderer within Google Chrome on Mac systems could allow a remote attacker to leak cross-origin data. This is achieved through a crafted HTML page. **Recommendations** Update Google Chrome to version 146.0.7680.153 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.1 **Description** The issue involves the "Thunderbolt" component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. It is related to pointer dereference errors. **Recommendations** For macOS versions prior to 10.12.1, update to version 10.12.1 or later to resolve the issue. As a temporary workaround, consider disabling the Thunderbolt component until a patch is available. Restrict access to the Thunderbolt interface to minimize the risk of exploitation. Avoid using crafted apps that may trigger the NULL pointer dereference.

**Name of the Vulnerable Software and Affected Versions** Apple iOS and Mac OS X (affected versions not specified) **Description** The issue is caused by a buffer overflow in the IOAcceleratorFamily component of iOS and Mac OS X operating systems. This can be exploited by a remote attacker to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) using a specially crafted application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.4 **Description** The issue is related to a NULL pointer dereference error in the IOFireWireFamily component. This error can be exploited by a local attacker to cause a denial of service. The vulnerability is associated with pointer dereference mistakes. **Recommendations** For Apple OS X versions prior to 10.11.4, update to version 10.11.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the IOFireWireFamily component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is related to incorrect access to objects in memory, which can cause memory errors and allow an attacker to execute arbitrary code in the context of the current user. This is due to use-after-free vulnerabilities. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.