Zh1X1An1221

**Name of the Vulnerable Software and Affected Versions** Google Chrome on Mac versions prior to 149.0.7827.53 **Description** A use after free issue exists where a remote attacker can execute arbitrary code. This is achieved by convincing a user to perform specific UI gestures while interacting with a crafted HTML page. Use after free is a memory corruption flaw that occurs when an application continues to use a pointer after it has been freed. **Recommendations** Update to version 149.0.7827.53 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 149.0.7827.53 **Description** A use after free issue in Chromoting allows a remote attacker to execute arbitrary code through malicious network traffic. Use after free is a memory corruption flaw that occurs when an application continues to use a pointer after it has been freed. **Recommendations** Update to version 149.0.7827.53 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome on Mac versions prior to 148.0.7778.168 **Description** A use after free issue exists in Extensions, where a use after free occurs when memory is accessed after it has been freed by the system. This allows an attacker to execute arbitrary code via a crafted Chrome Extension if a user is convinced to install a malicious extension. **Recommendations** Update to version 148.0.7778.168 or later.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 125.0.6422.141 Microsoft Edge (affected versions not specified) Description: The issue is related to an out of bounds memory access in the Browser UI, specifically in the Keyboard Inputs component, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could impact the confidentiality, integrity, and availability of protected information. A remote attacker would need to convince a user to engage in specific UI gestures to exploit this issue. Recommendations: For Google Chrome versions prior to 125.0.6422.141, update to version 125.0.6422.141 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 122.0.6261.128 **Description** The issue is related to a use after free vulnerability in the Performance Manager component of Google Chrome, which can lead to heap corruption. This can be exploited by a remote attacker using a specially crafted HTML page, potentially allowing the execution of arbitrary code. The estimated number of potentially affected devices is not specified. **Recommendations** For Google Chrome versions prior to 122.0.6261.128, update to version 122.0.6261.128 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the Performance Manager component until a patch is available. Restrict access to crafted HTML pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome on ChromeOS versions prior to 106.0.5249.62 **Description** The issue is related to a use after free in the assistant component of Google Chrome, which could allow a remote attacker to potentially perform a sandbox escape via specific UI gestures if a user is convinced to engage in these gestures. The exploitation of this issue may also allow an attacker to disclose protected information using a specially crafted web page. **Recommendations** For Google Chrome on ChromeOS versions prior to 106.0.5249.62, update to version 106.0.5249.62 or later to resolve the issue.