Tag
#chrome
By Deeba Ahmed. NodeStealer 2.0 is a variant of the NodeStealer infostealing malware, which was taken down by Meta in May 2023. This is a post from HackRead.com. Read the original post: NodeStealer 2.0 Poses as ‘Microsoft’ to Hack Facebook and Browser Data
By Deeba Ahmed. Cloudzy is registered in the United States, and its CEO is an Iranian national. This is a post from HackRead.com. Read the original post: Cloud Service Provider Cloudzy Accused of Aiding Ransomware and APTs
Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project.
Insufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially serve malicious content to a user via a crafted background URL. (Chromium security severity: Low)
Use after free in Diagnostics in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Use after free in Splitscreen in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chromium security severity: High)
Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. (Chromium security severity: Low)
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack.

### References
- https://nvd.nist.gov/vuln/detail/CVE-2022-40149
- https://github.com/jettison-json/jettison/issues/45
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538
- https://github.com/jettison-json/jettison/pull/49/files
- https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1
- https://lists.debian.org/debian-lts-announce/2022/11/msg00011.html
- https://www.debian.org/security/2023/dsa-5312
Cybersecurity researchers have unearthed a Python variant of a stealer malware NodeStealer that's equipped to fully take over Facebook business accounts as well as siphon cryptocurrency. Palo Alto Networks Unit 42 said it detected the previously undocumented strain as part of a campaign that commenced in December 2022. NodeStealer was first exposed by Meta in May 2023, describing it as a stealer
Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php.