
Vasily Berdnikov

Researcher from Kaspersky
#26737 of 53,635
9.6 Total CVSS
Vulnerabilities · 1
PT-2024-3653
9.6
2024-05-15
Google · Google Chrome · CVE-2024-4947
**Name of the Vulnerable Software and Affected Versions**

- Google Chrome versions prior to 125.0.6422.60
- Chromium versions prior to 126.0.6478.182-alt0.c10.1
- Chromium-Gost versions prior to 125.0.6422.112-alt0.c10.1
- Yandex-browser-stable version 24.4.3.1111-alt1
- Chromium versions prior to 125.0.6422.60-1~deb12u1 (Debian bookworm)

**Description**

A type confusion vulnerability exists in the V8 JavaScript and WebAssembly engine in Google Chrome and Chromium-based browsers. This flaw could allow a remote attacker to execute arbitrary code within a sandbox via a crafted HTML page. The vulnerability has been actively exploited in attacks, including by the Lazarus APT group who used a malicious game to deliver malware. Exploitation of this vulnerability can lead to remote code execution and potential unauthorized access or control of affected systems.

**Recommendations**

- Update Google Chrome to version 125.0.6422.60 or later.
- Update Chromium to version 126.0.6478.182-alt0.c10.1 or later.
- Update Chromium-Gost to version 125.0.6422.112-alt0.c10.1 or later.
- Update Yandex-browser-stable to version 24.4.3.1111-alt1.
- Update Chromium to version 125.0.6422.60-1~deb12u1 or later (Debian bookworm).