Isaac Dawson

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 77.0.3865.75 **Description** The issue is related to insufficient policy enforcement in the Blink module of Google Chrome, allowing a remote attacker to leak cross-origin data via a crafted HTML page. This could enable the attacker to access confidential data. **Recommendations** For versions prior to 77.0.3865.75, update to version 77.0.3865.75 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 3.0.195.21 **Description** The issue allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG document. This is due to the getSVGDocument method omitting an unspecified "access check". **Recommendations** For versions prior to 3.0.195.21, update to version 3.0.195.21 or later to resolve the issue. As a temporary workaround, consider restricting access to SVG documents from external web servers to minimize the risk of exploitation.