Gibbon · Gibbon · CVE-2024-24725
**Name of the Vulnerable Software and Affected Versions**
Gibbon versions 26.0.00 and earlier
**Description**
The issue allows remote authenticated users to conduct PHP deserialization attacks via the `columnOrder` parameter in a POST request to the `/modules/System%20Admin/import_run.php&type=externalAssessment&step=4` endpoint. The parameter value is treated as PHP-serialized data and restored without validation, so a user who can reach this import step controls what `unserialize()` reconstructs: objects of any class loaded by the application are instantiated with attacker-chosen properties, and their magic methods (`__wakeup`, `__destruct`, and similar) run with that data. The concrete impact depends on which gadget classes are available in the deployment; object injection of this kind commonly escalates to file writes or arbitrary code execution. No information is available on the number of affected installations worldwide or on real-world exploitation of this issue.
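The following is an added illustration and not Gibbon's own code; it shows the unsafe pattern the advisory describes (request data fed to `unserialize()`) next to a hardened replacement and a stop-gap filter. The class `ImportReport`, the functions, and the request bodies are hypothetical, and the code assumes PHP 8.1 or later for `array_is_list()`.

```php
<?php
// Added example, not part of Gibbon. Demonstrates the columnOrder
// deserialization sink and two ways to close it. All names are hypothetical.
declare(strict_types=1);

// Any loaded class with a magic method is a potential gadget once the
// attacker controls the serialized string. This one just records that it
// was restored so the effect is visible without doing anything harmful.
final class ImportReport
{
    public static bool $wokeUp = false;
    public string $path = '';

    public function __wakeup(): void
    {
        // A real gadget would act on $this->path here (e.g. write a file).
        self::$wokeUp = true;
    }
}

// VULNERABLE pattern: the column order arrives PHP-serialized and is
// restored with unserialize(). A body such as
//   columnOrder=O:12:"ImportReport":1:{s:4:"path";s:13:"/tmp/evil.php";}
// instantiates ImportReport and runs __wakeup() with attacker data.
function columnOrderUnsafe(array $post): array
{
    $decoded = unserialize($post['columnOrder'] ?? 'a:0:{}');
    return is_array($decoded) ? $decoded : [];
}

// HARDENED replacement: never unserialize() request data. Accept the order
// as a JSON list of integer indices, validate shape and range, and return
// a plain array of ints. Nothing here can instantiate a class.
function columnOrderSafe(array $post, int $columnCount): array
{
    $raw = $post['columnOrder'] ?? '[]';
    if (!is_string($raw) || strlen($raw) > 4096) {
        throw new InvalidArgumentException('columnOrder: bad type or too long');
    }
    // Depth 2 = a flat list of scalars; nested structures are rejected.
    $decoded = json_decode($raw, true, 2, JSON_THROW_ON_ERROR);
    if (!is_array($decoded) || !array_is_list($decoded)) {
        throw new InvalidArgumentException('columnOrder: expected a JSON list');
    }
    $order = [];
    foreach ($decoded as $index) {
        if (!is_int($index) || $index < 0 || $index >= $columnCount) {
            throw new InvalidArgumentException('columnOrder: index out of range');
        }
        $order[] = $index;
    }
    if (count($order) !== count(array_unique($order))) {
        throw new InvalidArgumentException('columnOrder: duplicate index');
    }
    return $order;
}

// STOP-GAP for deployments that cannot yet change the storage format:
// reject any value carrying a serialized object (O:) or custom-serialized
// object (C:) before it reaches unserialize(). This is a filter, not a fix.
function looksLikeSerializedObject(string $value): bool
{
    return (bool) preg_match('/(^|[;{])\s*[OC]:\d+:"/', $value);
}

// Constructed request bodies for a quick self-check (not real traffic).
$attack = ['columnOrder' => 'O:12:"ImportReport":1:{s:4:"path";s:13:"/tmp/evil.php";}'];
$benign = ['columnOrder' => '[2,0,1]'];

columnOrderUnsafe($attack);
var_dump(ImportReport::$wokeUp);                              // gadget fired
var_dump(looksLikeSerializedObject($attack['columnOrder']));
var_dump(looksLikeSerializedObject($benign['columnOrder']));
var_dump(columnOrderSafe($benign, 3));
```

If the serialized format must be kept for the moment, `unserialize($raw, ['allowed_classes' => false])` (PHP 7.0 and later) is a better interim measure than the regex: objects are restored as `__PHP_Incomplete_Class` and no magic methods run. It still leaves the parser exposed to malformed input, so the JSON path above is the one to keep.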
**Recommendations**
For Gibbon versions 26.0.00 and earlier, restrict access to the System Admin module (and in particular the data import feature) to the smallest set of trusted administrator accounts, and apply a vendor fix as soon as one is available. Until then, as a temporary workaround, block or strictly validate the `columnOrder` parameter on the affected endpoint at the application or web-application-firewall layer, rejecting any value that contains a PHP-serialized object (an `O:` or `C:` marker), and review access logs for POST requests to that endpoint from accounts that would not normally run external assessment imports. At the time of writing there is no information about a newer version that contains a fix for this vulnerability; check the vendor's release notes before assuming a later release resolves it.