G_Google@Flamescape.Com

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 54.0.2840.59 for Windows, Mac, and Linux Google Chrome version 54.0.2840.85 for Android Opera (affected versions not specified) **Description** The issue is related to insufficient validation of supplied data in bookmark handling, allowing a remote attacker to inject arbitrary scripts or HTML via crafted HTML pages. This can be demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:payload@example.com URL. **Recommendations** For Google Chrome versions prior to 54.0.2840.59 for Windows, Mac, and Linux, update to version 54.0.2840.59 or later. For Google Chrome version 54.0.2840.85 for Android, update to a version later than 54.0.2840.85. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.