Rsnake

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 4.1.249.1036 **Description** The issue concerns Google Chrome's handling of attempts to delete Web SQL Databases and clear the Strict Transport Security (STS) state. The impact and attack vectors of this issue are not specified. **Recommendations** For versions prior to 4.1.249.1036, update to version 4.1.249.1036 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Search Appliance (affected versions not specified) Google Mini (affected versions not specified) **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded `q` parameter. **Recommendations** For Google Search Appliance, avoid using the `q` parameter with UTF-7 encoding until a fix is available. For Google Mini, avoid using the `q` parameter with UTF-7 encoding until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.