CVE-2024-8909: Chromium: CVE-2024-8909 Inappropriate implementation in UI

CVE-2024-8908: Chromium: CVE-2024-8908 Inappropriate implementation in Autofill

CVE-2024-8907: Chromium: CVE-2024-8907 Insufficient data validation in Omnibox

CVE-2024-8906: Chromium: CVE-2024-8906 Incorrect security UI in Downloads

CVE-2024-8905: Chromium: CVE-2024-8905 Inappropriate implementation in V8

**What type of information could be disclosed by this vulnerability?**

This vulnerability makes it possible to listen to any group or user with a specially crafted group/username. By exploiting this vulnerability, the attacker can now receive messages for group(s) that they are unauthorized to view.

Headline

CVE-2023-35391: ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability

Microsoft Security Response Center: Latest News