Tyler Nighswander

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 88.0.4324.96 **Description** The issue is related to insufficient data validation in V8, which can lead to out of bounds memory access. A remote attacker can potentially exploit this by using a crafted HTML page, allowing them to execute arbitrary code. **Recommendations** For versions prior to 88.0.4324.96, update to version 88.0.4324.96 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable `V8` components until a patch is applied. Avoid using crafted HTML pages that could trigger the out of bounds memory access until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 1.1.0 through 1.1.0c **Description** The issue is related to a NULL pointer dereference in the parsing of CMS structures in the OpenSSL library. This can be exploited by a remote attacker to cause a denial of service. The problem arises from the handling of the ASN.1 CHOICE type, which can result in a NULL value being passed to the structure callback when attempting to free certain invalid encodings. **Recommendations** For OpenSSL versions 1.1.0 through 1.1.0c, update to version 1.1.0c or later to resolve the issue. As a temporary workaround, consider restricting the use of the CMS parsing functionality until a patch is available. Avoid using the CHOICE structures that do not handle NULL values in the affected API endpoints until the issue is resolved.