Nat  Kutch

Nat Kutch

1598508180

Google Fixes High-Severity Chrome Browser Code Execution Bug

The high-severity flaw, which was patched in the latest version of Google’s Chrome browser, could allow code execution.

The Google Chrome web browser has a high-severity vulnerability that could be used to execute arbitrary code, researchers say. The flaw has been fixed in the Chrome 85 stable channel, set to be rolled out to users this week.

The flaw (CVE-2020-6492) is a use-after-free vulnerability in the WebGL (Web Graphics Library) component of Chrome browser. This component is a Javascript API that lets users render 2D and 3D graphics within their browser. This specific flaw stems from the WebGL component failing to properly handle objects in memory.

“An adversary could manipulate the memory layout of the browser in a way that they could gain control of the use-after-free exploit, which could ultimately lead to arbitrary code execution,” according to Jon Munshaw with Cisco Talos in a Monday analysis.

The flaw ranks 8.3 out of 10 on the CVSS scale, making it a high-severity vulnerability. Researchers said this vulnerability specifically exists in ANGLE, a compatibility layer between OpenGL and Direct3D used on Windows by Chrome browser and other project.

According to the proof-of-concept (PoC) attack outlined by researchers, the issue exists in a function of ANGLE, called “State::syncTextures.” This function is responsible for checking if texture has any “DirtyBits.” These are “bitsets” indicating if a specific state value, associated with a block of computer memory, has been changed.

#vulnerabilities #web security #chrome #chrome 85.0.4149.0 #security

What is GEEK

Buddha Community

Google Fixes High-Severity Chrome Browser Code Execution Bug
Grace  Lesch

Grace Lesch

1639778400

PySQL Tutorial: A Database Framework for Python

PySQL 

PySQL is database framework for Python (v3.x) Language, Which is based on Python module mysql.connector, this module can help you to make your code more short and more easier. Before using this framework you must have knowledge about list, tuple, set, dictionary because all codes are designed using it. It's totally free and open source.

Tutorial Video in English (Watch Now)

IMAGE ALT TEXT HERE

Installation

Before we said that this framework is based on mysql.connector so you have to install mysql.connector first on your system. Then you can import pysql and enjoy coding!

python -m pip install mysql-connector-python

After Install mysql.connector successfully create Python file download/install pysql on the same dir where you want to create program. You can clone is using git or npm command, and you can also downlaod manually from repository site.

PyPi Command

Go to https://pypi.org/project/pysql-framework/ or use command

pip install pysql-framework

Git Command

git clone https://github.com/rohit-chouhan/pysql

Npm Command

Go to https://www.npmjs.com/package/pysql or use command

$ npm i pysql

Snippet Extention for VS Code

Install From Here https://marketplace.visualstudio.com/items?itemName=rohit-chouhan.pysql

IMAGE ALT TEXT HERE

Table of contents

Connecting a Server


To connect a database with localhost server or phpmyadmin, use connect method to establish your python with database server.

import pysql

db = pysql.connect(
    "host",
    "username",
    "password"
 )

Create a Database in Server


Creating database in server, to use this method

import pysql

db = pysql.connect(
    "host",
    "username",
    "password"
 )
 pysql.createDb(db,"demo")
 #execute: CREATE DATABASE demo

Drop Database


To drop database use this method .

Syntex Code -

pysql.dropDb([connect_obj,"table_name"])

Example Code -

pysql.dropDb([db,"demo"])
#execute:DROP DATABASE demo

Connecting a Database


To connect a database with localhost server or phpmyadmin, use connect method to establish your python with database server.

import pysql

db = pysql.connect(
    "host",
    "username",
    "password",
    "database"
 )

Creating Table in Database


To create table in database use this method to pass column name as key and data type as value.

Syntex Code -


pysql.createTable([db,"table_name_to_create"],{
    "column_name":"data_type", 
    "column_name":"data_type"
})

Example Code -


pysql.createTable([db,"details"],{
    "id":"int(11) primary", 
     "name":"text", 
    "email":"varchar(50)",
    "address":"varchar(500)"
})

2nd Example Code -

Use can use any Constraint with Data Value


pysql.createTable([db,"details"],{
    "id":"int NOT NULL PRIMARY KEY", 
     "name":"varchar(20) NOT NULL", 
    "email":"varchar(50)",
    "address":"varchar(500)"
})

Drop Table in Database


To drop table in database use this method .

Syntex Code -

pysql.dropTable([connect_obj,"table_name"])

Example Code -

pysql.dropTable([db,"users"])
#execute:DROP TABLE users

Selecting data from Table


For Select data from table, you have to mention the connector object with table name. pass column names in set.

Syntex For All Data (*)-

records = pysql.selectAll([db,"table_name"])
for x in records:
  print(x)

Example - -

records = pysql.selectAll([db,"details"])
for x in records:
  print(x)
#execute: SELECT * FROM details

Syntex For Specific Column-

records = pysql.select([db,"table_name"],{"column","column"})
for x in records:
  print(x)

Example - -

records = pysql.select([db,"details"],{"name","email"})
for x in records:
  print(x)
#execute: SELECT name, email FROM details

Syntex Where and Where Not-

#For Where Column=Data
records = pysql.selectWhere([db,"table_name"],{"column","column"},("column","data"))

#For Where Not Column=Data (use ! with column)
records = pysql.selectWhere([db,"table_name"],{"column","column"},("column!","data"))
for x in records:
  print(x)

Example - -

records = pysql.selectWhere([db,"details"],{"name","email"},("county","india"))
for x in records:
  print(x)
#execute: SELECT name, email FROM details WHERE country='india'

Add New Column to Table


To add column in table, use this method to pass column name as key and data type as value. Note: you can only add one column only one call

Syntex Code -


pysql.addColumn([db,"table_name"],{
    "column_name":"data_type"
})

Example Code -


pysql.addColumn([db,"details"],{
    "email":"varchar(50)"
})
#execute: ALTER TABLE details ADD email varchar(50);

Modify Column to Table


To modify data type of column table, use this method to pass column name as key and data type as value.

Syntex Code -

pysql.modifyColumn([db,"table_name"],{
    "column_name":"new_data_type"
})

Example Code -

pysql.modifyColumn([db,"details"],{
    "email":"text"
})
#execute: ALTER TABLE details MODIFY COLUMN email text;

Drop Column from Table


Note: you can only add one column only one call

Syntex Code -

pysql.dropColumn([db,"table_name"],"column_name")

Example Code -

pysql.dropColumn([db,"details"],"name")
#execute: ALTER TABLE details DROP COLUMN name

Manual Execute Query


To execute manual SQL Query to use this method.

Syntex Code -

pysql.query(connector_object,your_query)

Example Code -

pysql.query(db,"INSERT INTO users (name) VALUES ('Rohit')")

Inserting data


For Inserting data in database, you have to mention the connector object with table name, and data as sets.

Syntex -

data =     {
    "db_column":"Data for Insert",
    "db_column":"Data for Insert"
}
pysql.insert([db,"table_name"],data)

Example Code -

data =     {
    "name":"Komal Sharma",
    "contry":"India"
}
pysql.insert([db,"users"],data)

Updating data


For Update data in database, you have to mention the connector object with table name, and data as tuple.

Syntex For Updating All Data-

data = ("column","data to update")
pysql.updateAll([db,"users"],data)

Example - -

data = ("name","Rohit")
pysql.updateAll([db,"users"],data)
#execute: UPDATE users SET name='Rohit'

Syntex For Updating Data (Where and Where Not)-

data = ("column","data to update")
#For Where Column=Data
where = ("column","data")

#For Where Not Column=Data (use ! with column)
where = ("column!","data")
pysql.update([db,"users"],data,where)

Example -

data = ("name","Rohit")
where = ("id",1)
pysql.update([db,"users"],data,where)
#execute: UPDATE users SET name='Rohit' WHERE id=1

Deleting data


For Delete data in database, you have to mention the connector object with table name.

Syntex For Delete All Data-

pysql.deleteAll([db,"table_name"])

Example - -

pysql.deleteAll([db,"users"])
#execute: DELETE FROM users

Syntex For Deleting Data (Where and Where Not)-

where = ("column","data")

pysql.delete([db,"table_name"],where)

Example -

#For Where Column=Data
where = ("id",1)

#For Where Not Column=Data (use ! with column)
where = ("id!",1)
pysql.delete([db,"users"],where)
#execute: DELETE FROM users WHERE id=1

--- Finish ---

Change Logs

[19/06/2021]
 - ConnectSever() removed and merged to Connect()
 - deleteAll() [Fixed]
 - dropTable() [Added]
 - dropDb() [Added]
 
[20/06/2021]
 - Where Not Docs [Added]

The module is designed by Rohit Chouhan, contact us for any bug report, feature or business inquiry.

Author: rohit-chouhan
Source Code: https://github.com/rohit-chouhan/pysql
License: Apache-2.0 License

#python 

Kole  Haag

Kole Haag

1600930800

Google Chrome Bugs Open Browsers to Attack

Google has stomped out several serious code-execution flaws in its Chrome browser. To exploit the flaw, an attacker would merely need to convince a target to visit a specially crafted webpage via phishing or other social-engineering lures.

Overall, Google’s release of Chrome 85.0.4183.121 for Windows, Mac and Linux – which will roll out over the coming days – fixed 10 vulnerabilities. The successful exploitation of the most severe of these could allow an attacker to execute arbitrary code in the context of the browser, according to Google. Google Chrome versions prior to 85.0.4183.121 are affected.

“Depending on the privileges associated with the application, an attacker could view, change or delete data,” according to Google’s Tuesday security advisory. “If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.”

#vulnerabilities #web security #chrome 85.0.4183.121 #chrome browser #chromium #cve-2020-15961 #cve-2020-15962 #cve-2020-15963 #cve-2020-15965 #fix #google #google chrome #google flaw #out of bounds read #security updates #stable channel release

Tyrique  Littel

Tyrique Littel

1603450800

Chrome 86 Aims to Bar Abusive Notification Content

Google has added a new feature to Chrome 86 that aims to stomp out abusive notification content.

Web notifications are utilized for a variety of applications – such as prompting site visitors to sign up for newsletters. However, they can also be misused for phishing, malware or fake messages that imitate system notifications for the purpose of generating user interactions. Google has taken steps to battle this issue by automatically blocking the web notifications that display abusive or misleading content.

When visitors encounter a webpage with malicious notification content, the webpage will be blocked and a Chrome alert on the upper navigation bar will warn them that the website might be trying to trick them into displaying intrusive notifications. It will ask them to “Continue Blocking” or “Allow” – the latter option will let users continue on to the webpage.

“Abusive notification prompts are one of the top user complaints we receive about Chrome,” according to PJ McLachlan, product manager with Google, on Wednesday. “Our goal with these changes is to improve the experience for Chrome users and to reduce the incentive for abusive sites to misuse the web-notifications feature.”

In order to detect sites that send abusive notification content, Google will first subscribe occasionally to website push notifications (if the push permission is requested) via its automated web crawling service.

Notifications that are sent to the automated Chrome instances will be evaluated for abusive content, and sites sending abusive notifications will be flagged for enforcement if the issue is unresolved, said Google.

When a site is found to be in “failing” status for any type of notification abuse, Google will send a warning email to the registered owners of the site 30 days before cracking down. During this time, websites can address the issue and request another review.

Google first implemented controls that went against abusive notifications with Chrome 80, when it introduced a “quiet notification permission UI [user interface]” feature. Then, in Chrome 84, it announced auto-enrollment in quiet notification UI for websites with abusive-notification permission requests, such as sites that use deceptive patterns to request notification permissions.

However, the new enforcement in Chrome 86 takes it a step further by focusing “on notification content and is triggered by sites that have a history of sending messages containing abusive content,” said Google. “This treatment applies to sites that try to trick users into accepting the notification permission for malicious purposes, for example sites that use web notifications to send malware or to mimic system messages to obtain user login credentials.”

In an upcoming release, Chrome will revert the notification permission status from “granted” to “default” for abusive origins, preventing further notifications unless the user returns to the abusive origin and re-enables them. That’s because “prior to the release of Chrome’s abusive notifications protections, many users have already unintentionally allowed notifications from websites engaging in abusive activity,” it said.

Google this week also warned of an update to its Chrome browser that patches a zero-day vulnerability in the software’s FreeType font rendering library that was actively being exploited in the wild.

#web security #abusive content #abusive notifications #blocking #browser #browser notifications #chrome 80 #chrome 84 #chrome 86 #google #google chrome #malicious notification #safe browsing #web security

Ethen Ellen

1619858914

AOL Emails Not Loading Problems (+1-888-857-5157) in Chrome Browser

This is image title
AOL Mail is one of the free email services that includes calendar management and task management. If your AOL Emails Not Loading Problems in Chrome Browser, try these troubleshooting steps which is mention below. In this post, we are trying to describe the reason behind AOL email not loading and how to resolve AOL mail loading issues.

3 Reason Behind AOL Emails Not Loading Problems

Reason #1. Whenever you are unable to receive the new emails into your computer. You should log into your AOL mail account and go to the settings and click on filter settings. Now check the account settings, if you find any filter. you need to click on delete. After deleting the settings, you should send a mail to yourself. Let’s see if you are receiving it now or not.

Reason #2. If you do not find any filters into your emails, you should check the block list settings, maybe you have blocked the new emails from senders. That’s why you are not receiving any new emails. so, you should immediately go ahead and check it.

Reason #3. If you are unable to receive the new emails into your phone or computer. I would like to suggest you to check the server settings. Most of the time, people are facing such kind of problem due to the incorrect server settings. So, you should check them properly and if you find something wrong over there. You need to remove the account from your computer or phone and then reconfigure it. It will start working fine.

How to Resolve AOL Emails Not Loading Problems in Chrome Browser

If Your AOL Emails Not Loading Problems in Chrome Browser then you can go and find a help to resolve this issue. To get through this problem, follow the instructions below:

Solution 1: Clear browsing data on Chrome

  • On your computer, launch the Google Chrome browser after assuring that you have a stable Internet connection.
  • Close all the browser tabs (if any) and open a new blank tab.
  • Click the Customize and control Google Chrome icon at the top-right corner and select the More tools option from the drop-down list.
  • In the pop-up window, navigate to the top-left corner and click the clear browsing data tab beneath History.
  • When you are asked to choose the time limit, choose the Time
  • After choosing all the data, click the Clear data button to remove all your Chrome browsing data.
  • Once you have removed all the browsing data, sign in to your AOL Mail.
  • If your AOL Mail is still not loading on Chrome, move on to the next solution.

Solution 2: Reset web settings

  • On your Chrome browser, stop all the running tabs and start a blank tab.
  • Navigate to the top-right corner of the tab and click the Customize and control Google Chrome icon (three vertical dots).
  • Click on Settings from the drop-down list.
  • Navigate to the bottom of the Settings page and click Advanced.
  • Click the Reset Settings tab twice underneath Reset and clean up.
  • Now, your Chrome browser will be restored to factory defaults.
  • Restart your Chrome browser and navigate to the official AOL site.
  • Enter the correct login credentials in the essential field and try signing in to your AOL email account.
    If AOL Mail is still not loading on Chrome, contact our technical support team by clicking the Call button available on this page for remote assistance.
    After this, if you are unable to resolve AOL emails loading problems in chrome browser, don’t be panic. Email Expert 24*7 team is here to resolve all AOL mail issues as soon as possible. Just Dial Customer Care Toll-Free Number: +1-888-857-5157 and get instant help. Our technical team’s services are available- 24x7.

Source: https://email-expert247.blogspot.com/2021/01/aol-emails-not-loading-problems-1-888.html

#aol mail not loading problems in chrome browser #aol email not loading problems in chrome browser #aol not loading problems in chrome browser #aol mail not loading issues in chrome browser #aol email not loading issues in chrome browser

Nat  Kutch

Nat Kutch

1598508180

Google Fixes High-Severity Chrome Browser Code Execution Bug

The high-severity flaw, which was patched in the latest version of Google’s Chrome browser, could allow code execution.

The Google Chrome web browser has a high-severity vulnerability that could be used to execute arbitrary code, researchers say. The flaw has been fixed in the Chrome 85 stable channel, set to be rolled out to users this week.

The flaw (CVE-2020-6492) is a use-after-free vulnerability in the WebGL (Web Graphics Library) component of Chrome browser. This component is a Javascript API that lets users render 2D and 3D graphics within their browser. This specific flaw stems from the WebGL component failing to properly handle objects in memory.

“An adversary could manipulate the memory layout of the browser in a way that they could gain control of the use-after-free exploit, which could ultimately lead to arbitrary code execution,” according to Jon Munshaw with Cisco Talos in a Monday analysis.

The flaw ranks 8.3 out of 10 on the CVSS scale, making it a high-severity vulnerability. Researchers said this vulnerability specifically exists in ANGLE, a compatibility layer between OpenGL and Direct3D used on Windows by Chrome browser and other project.

According to the proof-of-concept (PoC) attack outlined by researchers, the issue exists in a function of ANGLE, called “State::syncTextures.” This function is responsible for checking if texture has any “DirtyBits.” These are “bitsets” indicating if a specific state value, associated with a block of computer memory, has been changed.

#vulnerabilities #web security #chrome #chrome 85.0.4149.0 #security