Matias Brutti

**Name of the Vulnerable Software and Affected Versions** libxml2 versions 2.9.4 and earlier **Description** The issue is related to the incorrect restriction of XML links to external objects, making it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. This allows a remote attacker to access confidential data. **Recommendations** For libxml2 versions 2.9.4 and earlier, consider disabling the XML External Entity (XXE) processing until a patch is available. Restrict access to sensitive files and data to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 37.0.2062.60 Google Chrome version 38.x prior to 38.0.2125.59 on iOS **Description** The issue allows remote attackers to obtain video and audio data from a device via a crafted web site, due to improper restriction of processing of `facetime://` and `facetime-audio://` URLs. **Recommendations** For Google Chrome versions prior to 37.0.2062.60, update to version 37.0.2062.60 or later. For Google Chrome version 38.x prior to 38.0.2125.59 on iOS, update to version 38.0.2125.59 or later.