4 matches found
GHSA-844J-XRRQ-WGH4 OpenClaw: Forwarding header spoofing bypasses gateway.trustedProxies origin detection
Summary: When gateway.trustedProxies was configured, spoofed loopback hops in forwarding headers could be accepted as the client origin and weaken downstream auth and rate-limit decisions. Affected Packages / Versions: Package: openclaw npm; Affected: = 2026.3.22; Latest released tag checked:...
OpenClaw: Forwarding header spoofing bypasses gateway.trustedProxies origin detection
Summary: When gateway.trustedProxies was configured, spoofed loopback hops in forwarding headers could be accepted as the client origin and weaken downstream auth and rate-limit decisions. Affected Packages / Versions: Package: openclaw npm; Affected: = 2026.3.22; Latest released tag checked:...
Google Chrome Payments Cross-Site Scripting Vulnerability
Google Chrome is a web browser developed by Google, Inc. Payments is one of the payment components. A security vulnerability exists in Payments in Google Chrome versions prior to 70.0.3538.67, which stems from the program's failure to perform strict origin detection. The vulnerability can be...
Google Chrome Blink Security Bypass Vulnerability (CNVD-2019-03550)
Google Chrome is a web browser developed by Google Inc. Blink is a browser layout (rendering) engine jointly developed by Google Inc. and Opera Software of Norway. A security vulnerability exists in Blink in versions of Google Chrome prior to 66.0.3359.117, which stems from the program's...