Woojin Oh

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 88.0.4324.182 **Description** The issue is related to a use after free in the Downloads function of Google Chrome, which could allow a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. This could enable the attacker to execute arbitrary code. **Recommendations** For versions prior to 88.0.4324.182, update to version 88.0.4324.182 or later to resolve the issue. As a temporary workaround, consider restricting access to the Downloads function in Google Chrome until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 89.0.4389.72 **Description** The issue is related to a use after free vulnerability in the Blink mechanism of Google Chrome, which can lead to memory corruption. This can potentially allow a remote attacker to access confidential information or cause a denial of service. The vulnerability can be exploited via a crafted HTML page. **Recommendations** For versions prior to 89.0.4389.72, update to version 89.0.4389.72 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 83.0.4103.61 **Description** The issue is related to a use after free in reader mode, which could allow a remote attacker who has compromised the renderer process to potentially perform a sandbox escape. This can be achieved via a crafted HTML page. **Recommendations** For versions prior to 83.0.4103.61, update to version 83.0.4103.61 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 80.0.3987.87 **Description** The issue is related to insufficient data validation in streams, which can lead to heap corruption. This can be exploited by a remote attacker using a specially crafted HTML page, potentially allowing unauthorized access to information and disrupting its integrity and availability. **Recommendations** For versions prior to 80.0.3987.87, update to version 80.0.3987.87 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially malicious HTML pages until the update is applied.