Ronni Skansing

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 73.0.3683.75 **Description** The issue is related to incorrect handling of download origins in Navigation, allowing a remote attacker to perform domain spoofing via a crafted HTML page. Additionally, it involves an integer overflow vulnerability that can be exploited by a remote attacker to compromise data integrity using a specially crafted HTML page. **Recommendations** For versions prior to 73.0.3683.75, update to version 73.0.3683.75 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 4.4.2 **Description** The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing. For example, an https://example.com URL can be used to demonstrate this issue. **Recommendations** For versions prior to 4.4.2, update to version 4.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the wp validate redirect function in wp-includes/pluggable.php to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 4.4.2 **Description** The issue allows remote attackers to conduct server-side request forgery (SSRF) attacks. This is achieved by providing a zero value in the first octet of an IPv4 address in the `u` parameter to the "/wp-admin/press-this.php" API endpoint. **Recommendations** For versions prior to 4.4.2, update to version 4.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/wp-admin/press-this.php" API endpoint until the update is applied. Avoid using the `u` parameter in the affected API endpoint until the issue is resolved.