Yang Dingning

**Name of the Vulnerable Software and Affected Versions** libxml2 versions prior to 2.7.8 Google Chrome versions prior to 13.0.782.215 **Description** The issue is related to a double free vulnerability in libxml2, which can be exploited by remote attackers via a crafted XPath expression, potentially leading to a denial of service or other unspecified impacts. The vulnerability can be exploited remotely and may lead to disruption of confidentiality, integrity, and availability of protected information. **Recommendations** For libxml2 versions prior to 2.7.8, update to version 2.7.8 or later to resolve the issue. For Google Chrome versions prior to 13.0.782.215, update to version 13.0.782.215 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libxml2 versions prior to 2.7.8 libxml2 version 2.7.6 Google Chrome versions prior to 14.0.835.163 **Description** The issue is related to multiple vulnerabilities in the libxml2 package, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The vulnerabilities are related to XPath handling and can cause a denial of service or have unspecified other impacts. **Recommendations** For libxml2 versions prior to 2.7.8, update to version 2.7.8 or later. For Google Chrome versions prior to 14.0.835.163, update to version 14.0.835.163 or later. For libxml2 version 2.7.6, consider disabling the vulnerable components related to XPath handling until a patch is available. At the moment, there is no information about additional mitigation measures for other affected versions.

**Name of the Vulnerable Software and Affected Versions** libxml2 versions 2.7.6 through 2.7.8 mingw32-libxml2 versions 2.7.6 mingw32-libxml2-debuginfo versions 2.7.6 mingw32-libxml2-static versions 2.7.6 Google Chrome version prior to 8.0.552.215 **Description** The issue is related to multiple vulnerabilities in the libxml2 package, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A double free vulnerability in libxml2, as used in Google Chrome, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. **Recommendations** For libxml2 versions 2.7.6 through 2.7.8, update to a version later than 2.7.8 to resolve the issue. For mingw32-libxml2, mingw32-libxml2-debuginfo, and mingw32-libxml2-static versions 2.7.6, update to a version later than 2.7.6 to resolve the issue. For Google Chrome version prior to 8.0.552.215, update to version 8.0.552.215 or later to resolve the issue. As a temporary workaround, consider restricting access to the `XPath` handling functionality until a patch is available.