Michael Smith

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 67.0.3396.62 **Description** The issue is related to the CSS Paint API in Blink, which allowed a remote attacker to leak cross-origin data via a crafted HTML page. This is due to a lack of protection for sensitive data. The exploitation of this issue can allow a remote attacker to disclose protected information using a specially crafted HTML page. **Recommendations** For versions prior to 67.0.3396.62, update to version 67.0.3396.62 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Drupal versions prior to 7.38 **Description** The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the `destinations` parameter. This can be exploited by providing a malicious URL, potentially leading to phishing attacks. **Recommendations** For versions prior to 7.38, update to version 7.38 or later to resolve the issue. As a temporary workaround, consider restricting access to the Field UI module until the update is applied. Avoid using the `destinations` parameter in affected URLs until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Drupal versions 6.x through 6.34 Drupal versions 7.x through 7.34 **Description** The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the `destination` parameter. This can lead to phishing attacks. **Recommendations** For Drupal versions 6.x through 6.34, update to version 6.35 or later. For Drupal versions 7.x through 7.34, update to version 7.35 or later.