Inti De Ceukelaire

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 65.0.3325.146 Opera versions prior to 65.0.3325.146 **Description** The issue is related to the incorrect handling of specified filenames in file downloads, allowing a remote attacker to leak cross-origin data via a crafted HTML page and user interaction. **Recommendations** For Google Chrome versions prior to 65.0.3325.146, update to version 65.0.3325.146 or later. For Opera versions prior to 65.0.3325.146, update to version 65.0.3325.146 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 47.0.2526.73 Opera (affected versions not specified) **Description** The issue concerns the mishandling of Mark of the Web (MOTW) comments for URLs containing a "--" sequence by the page serializer. This might allow remote attackers to inject HTML via a crafted URL. An example of such a crafted URL is an initial http://example.com?-- substring. **Recommendations** For Google Chrome versions prior to 47.0.2526.73, update to version 47.0.2526.73 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.