Robbe Van Roey

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 145.0.7632.45 **Description** A flaw exists in Google Chrome's file input handling that could allow a remote attacker to perform UI spoofing. This requires convincing a user to interact with a specially crafted HTML page through specific UI gestures. The security severity is rated as low. **Recommendations** Update Google Chrome to version 145.0.7632.45 or later.

**Name of the Vulnerable Software and Affected Versions** Elgato Key Lights and related light products (affected versions not specified) **Description** A Cross-Site Request Forgery (CSRF) issue exists in Elgato Key Lights and related light products. This allows an attacker to remotely control a victim’s lights by hosting a malicious webpage. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.