Til Jasper Ullrich

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 51.0.2704.63 **Description** The issue is related to errors in controlling access to CSS styles, allowing remote attackers to bypass the Same Origin Policy via a crafted web site. This can be achieved by exploiting the incorrect handling of MIME types during the download of CSS stylesheets by a ServiceWorker, enabling cross-origin loading. **Recommendations** For versions prior to 51.0.2704.63, update to version 51.0.2704.63 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 47.0.2526.73 Opera (affected versions not specified) **Description** The issue allows remote attackers to bypass intended scheme restrictions via a crafted PDF document, as demonstrated by a document with a link to a "chrome://settings" URL. This is achieved by not properly restricting use of chrome: URLs. **Recommendations** For Google Chrome versions prior to 47.0.2526.73, update to version 47.0.2526.73 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.