Wgslfuzz

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 127.0.6533.99 Microsoft Edge (affected versions not specified) **Description** The issue is related to an out-of-bounds memory access in the ANGLE library used by Google Chrome and Microsoft Edge. This could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page, leading to arbitrary code execution. The vulnerability is caused by a buffer overflow in the ANGLE layer, which translates OpenGL ES calls to OpenGL, Direct3D 9/11, Desktop GL, Metal, and Vulkan. **Recommendations** For Google Chrome versions prior to 127.0.6533.99, update to version 127.0.6533.99 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 127.0.6533.72 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free in the Dawn component, which can be exploited by a remote attacker using a crafted HTML page, potentially leading to heap corruption. This could allow an attacker to execute arbitrary code. The severity of this issue is considered high. **Recommendations** For Google Chrome versions prior to 127.0.6533.72, update to version 127.0.6533.72 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 126.0.6478.126 Microsoft Edge (affected versions not specified) Description: The issue is related to a use after free in the Dawn component, which can be exploited by a remote attacker using a crafted HTML page to potentially execute arbitrary code or exploit heap corruption. Recommendations: For Google Chrome versions prior to 126.0.6478.126, update to version 126.0.6478.126 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 126.0.6478.126 Microsoft Edge (affected versions not specified) Description: The issue is related to a use after free in the Dawn component, which can be exploited by a remote attacker using a crafted HTML page to potentially execute arbitrary code or exploit heap corruption. Recommendations: For Google Chrome versions prior to 126.0.6478.126, update to version 126.0.6478.126 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 126.0.6478.126 Microsoft Edge (affected versions not specified) Description: The issue is related to a use after free in the Dawn component, which can be exploited by a remote attacker using a crafted HTML page to potentially execute arbitrary code or cause heap corruption. This can allow an attacker to impact the system. Recommendations: For Google Chrome versions prior to 126.0.6478.126, update to version 126.0.6478.126 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 126.0.6478.114 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free vulnerability in the Dawn component, which can lead to heap corruption. A remote attacker can potentially exploit this issue via a crafted HTML page. The severity of this issue is considered high. **Recommendations** For Google Chrome versions prior to 126.0.6478.114, update to version 126.0.6478.114 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 126.0.6478.114 Microsoft Edge (affected versions not specified) **Description** The issue is related to an out of bounds memory access in the Dawn component, which can potentially allow a remote attacker to exploit heap corruption via a crafted HTML page. This could lead to arbitrary code execution. The severity of this issue is considered high. **Recommendations** For Google Chrome versions prior to 126.0.6478.114, update to version 126.0.6478.114 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 126.0.6478.54 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free in the Dawn component, which can be exploited by a remote attacker to potentially corrupt the heap via a crafted HTML page. This could allow the attacker to execute arbitrary code on the target system. The severity of this issue is considered high. **Recommendations** For Google Chrome versions prior to 126.0.6478.54, update to version 126.0.6478.54 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 125.0.6422.76 **Description** A heap buffer overflow issue in Dawn, a component of Google Chrome, allows a remote attacker to perform an out of bounds memory write via a crafted HTML page. This could potentially enable the attacker to execute arbitrary code. The issue is related to the WebGPU API and is considered to have a high security severity. **Recommendations** For Google Chrome versions prior to 125.0.6422.76, update to version 125.0.6422.76 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted HTML pages that could exploit this vulnerability. Avoid using the affected Dawn component until a patch is applied. At the moment, there is no additional information about other mitigation measures.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 125.0.6422.60 **Description** The issue is related to a use after free in the Dawn component, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could be achieved through a specially crafted HTTP request. The severity of this issue is considered high. **Recommendations** For versions prior to 125.0.6422.60, update to version 125.0.6422.60 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages or disabling the use of WebGPU shaders until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 126.0.6478.54 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free in the Dawn component, which can be exploited by a remote attacker using a crafted HTML page to potentially corrupt the heap. This could allow the attacker to execute arbitrary code on the target system. **Recommendations** For Google Chrome versions prior to 126.0.6478.54, update to version 126.0.6478.54 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 125.0.6422.141 Microsoft Edge (affected versions not specified) Description: The issue is related to a use after free vulnerability in the Dawn component, which can be exploited by a remote attacker via a specially crafted HTML page, potentially leading to heap corruption and impacting the confidentiality, integrity, and availability of protected information. Recommendations: For Google Chrome versions prior to 125.0.6422.141, update to version 125.0.6422.141 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 125.0.6422.141 Microsoft Edge (affected versions not specified) Description: The issue is related to a use after free vulnerability in the Dawn component, which can be exploited by a remote attacker via a specially crafted HTML page, potentially affecting the confidentiality, integrity, and availability of protected information. The vulnerability may allow for heap corruption. Recommendations: For Google Chrome versions prior to 125.0.6422.141, update to version 125.0.6422.141 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 124.0.6367.118 **Description** The issue is related to a use after free in the Dawn component, which can lead to heap corruption. A remote attacker can potentially exploit this via a crafted HTML page, allowing for the execution of arbitrary code. The severity of this issue is considered high. **Recommendations** For versions prior to 124.0.6367.118, update to version 124.0.6367.118 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted HTML pages that could trigger the exploitation of the heap corruption.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 124.0.6367.78 Description: The issue is related to a use after free in the Dawn component, which can be exploited by a remote attacker to potentially corrupt the heap via a crafted HTML page. This could allow the attacker to execute arbitrary code. The severity of this issue is rated as High by Chromium. Recommendations: For Google Chrome versions prior to 124.0.6367.78, update to version 124.0.6367.78 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted HTML pages that could trigger the exploitation of the heap corruption vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 123.0.6312.122 **Description** The issue allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This can be achieved through the use of a specially designed web page, potentially leading to arbitrary code execution. The severity of this issue is considered high. **Recommendations** For Google Chrome versions prior to 123.0.6312.122, update to version 123.0.6312.122 or later to resolve the issue. As a temporary workaround, consider avoiding the use of potentially vulnerable features in the Dawn component until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 123.0.6312.86 **Description** The issue is related to a use after free in the Dawn component, which can potentially allow a remote attacker to exploit heap corruption via a crafted HTML page. This could lead to arbitrary code execution. The severity of this issue is considered high. **Recommendations** For Google Chrome versions prior to 123.0.6312.86, update to version 123.0.6312.86 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted HTML pages that could trigger the exploitation of the heap corruption vulnerability.