Joao Lucas Melo Brasio

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 62.0.3202.62 Description: The issue is related to insufficient policy enforcement in Extensions, allowing a remote attacker to access Extension pages without authorization. This can be achieved by using a crafted HTML page. Recommendations: For versions prior to 62.0.3202.62, update to version 62.0.3202.62 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 32.0.1700.76 on Windows Google Chrome versions prior to 32.0.1700.77 on Mac OS X and Linux **Description** The issue allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog. This is due to a problem in the OneClickSigninBubbleView::WindowClosing function. **Recommendations** For Google Chrome versions prior to 32.0.1700.76 on Windows, update to version 32.0.1700.76 or later. For Google Chrome versions prior to 32.0.1700.77 on Mac OS X and Linux, update to version 32.0.1700.77 or later.