Zhou Aiting

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 90.0.4430.72 Description: The issue is related to the use of uninitialized data in PDFium, a component used by Google Chrome and Microsoft Edge for handling PDF content. This could allow a remote attacker to obtain potentially sensitive information from process memory by using a crafted PDF file. The attacker could also cause a denial of service via a specially crafted web page. Recommendations: For Google Chrome versions prior to 90.0.4430.72, update to version 90.0.4430.72 or later to resolve the issue. As a temporary workaround, consider avoiding the use of PDFium for handling PDF content until a patch is available. Restrict access to PDF files from untrusted sources to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 90.0.4430.72 Microsoft Edge (affected versions not specified) Description: The issue is related to the use of an uninitialized resource in the PDFium PDF content handler. It may allow a remote attacker to cause a denial of service using a specially crafted web page or obtain potentially sensitive information from process memory via a crafted PDF file. Recommendations: For Google Chrome versions prior to 90.0.4430.72, update to version 90.0.4430.72 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 90.0.4430.72 Microsoft Edge (affected versions not specified) Description: The issue is related to the use of uninitialized data in PDFium, a PDF content handler used by Google Chrome and Microsoft Edge browsers. This could allow a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. The attacker could also cause a denial of service using a specially crafted web page. Recommendations: For Google Chrome versions prior to 90.0.4430.72, update to version 90.0.4430.72 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 89.0.4389.72 **Description** The issue is related to the use of uninitialized data in PDFium, a component of Google Chrome. This could allow a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. The attacker could exploit this issue to gain access to confidential information or cause a denial of service. **Recommendations** For Google Chrome versions prior to 89.0.4389.72, update to version 89.0.4389.72 or later to resolve the issue. As a temporary workaround, consider avoiding the use of PDF files from untrusted sources until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 66.0.3359.170 Opera versions prior to 66.0.3359.170 **Description** The issue is related to an integer overflow in PDFium, a PDF content handler in Google Chrome and Opera, which could lead to a heap out-of-bounds write. This allows a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. **Recommendations** For Google Chrome versions prior to 66.0.3359.170, update to version 66.0.3359.170 or later. For Opera versions prior to 66.0.3359.170, update to a version that includes the fix for this issue, as the specific version is not provided. As a temporary workaround, consider avoiding the use of PDF files from untrusted sources until the issue is resolved.