Tianyi Hu

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 148.0.7778.168 **Description** Insufficient policy enforcement in AI allows a remote attacker who has compromised the renderer process to bypass Site Isolation, a security feature that ensures websites are loaded in separate processes to prevent cross-site data access, via a crafted HTML page. **Recommendations** Update to version 148.0.7778.168 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 149.0.7827.53 **Description** Insufficient validation of untrusted input in PointerLock allows a remote attacker who has compromised the renderer process to perform UI spoofing using a crafted HTML page. **Recommendations** Update to version 149.0.7827.53 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 148.0.7778.96 **Description** Insufficient validation of untrusted input in Dialog allows a remote attacker who has compromised the renderer process to perform UI spoofing via a crafted HTML page. **Recommendations** Update to version 148.0.7778.96 or later.

**Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A flaw in policy enforcement within Progressive Web Apps (PWAs) in Google Chrome before version 147.0.7727.55 permitted a remote attacker, having already compromised the renderer process, to install a PWA without explicit user permission through a specially crafted HTML page. Recommendations Update Google Chrome to version 147.0.7727.55 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 147.0.7727.55 **Description** A flaw in policy enforcement within the browser's user interface in Google Chrome, specifically before version 147.0.7727.55, could allow a remote attacker who has already compromised the renderer process to perform UI spoofing. This is achieved through a specially crafted HTML page. The security severity is rated as Medium. **Recommendations** Update Google Chrome to version 147.0.7727.55 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 149.0.7827.53 **Description** An inappropriate implementation in Fenced Frames allows a remote attacker who has compromised the renderer process to bypass site isolation by using a crafted HTML page. Site isolation is a security mechanism that ensures pages from different sites are run in separate processes to prevent data theft. **Recommendations** Update to version 149.0.7827.53 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 149.0.7827.53 **Description** Insufficient validation of untrusted input in Navigation allows a remote attacker who has compromised the renderer process to bypass site isolation using a crafted HTML page. Site isolation is a security feature that ensures pages from different sites are run in separate processes to prevent data theft. **Recommendations** Update to version 149.0.7827.53 or later.