
Yosin_Utc9

#51678 of 53,635
4.3 Total CVSS
Vulnerabilities · 1
PT-2015-3221
4.3
2015-12-08
Google · Google Chrome · CVE-2015-6790
**Name of the Vulnerable Software and Affected Versions**

Google Chrome versions prior to 47.0.2526.80
Opera (affected versions not specified)

**Description**

The issue arises from the improper use of HTML entities in the WebPageSerializerImpl::openTagToString function, located in WebKit/Source/web/WebPageSerializerImpl.cpp. This could allow remote attackers to inject arbitrary web script or HTML via a crafted document. For example, a double-quote character inside a single-quoted string can be used to demonstrate this issue.

**Recommendations**

For Google Chrome versions prior to 47.0.2526.80, update to version 47.0.2526.80 or later to resolve the issue.

For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.