Very Important. Chrome exploited
by - Thursday, January 1, 1970 at 12:00 AM
Chrome can suck on my big, thick, fat, veiny cock. Firefox FTW
Reply
interesting.
Reply
Only Brave!!! :) Is the mobile version of Chrome affected?
Reply
I never used Chrome :angel:
:pomlove: Thank you @FederalAgentBrad for the VIP Rank and Thank you @tty for the GOD Rank.
Thank you @nan9e for the gift >.<
:pomlove:
Reply
I know this is an issue that they're already working on, but fingers crossed that this gets more people switching to Firefox or Brave. Chrome should not have as big a position in the market as it's had these past few years.
Reply
(April 16, 2022, 11:31 PM)sm4rt Wrote: Some of yours using Chrome for routines.
Update your Google Chrome to Patch bug.

CVE-2022-1364

Could you give some background on this? What was exploited? Will chromium have the same bug?
Reply
(June 14, 2022, 12:15 PM)fraserrgb Wrote:
(April 16, 2022, 11:31 PM)sm4rt Wrote: Some of yours using Chrome for routines.
Update your Google Chrome to Patch bug.

CVE-2022-1364

Could you give some background on this? What was exploited? Will chromium have the same bug?


There are multiple vulnerabilities that are actively exploited in Chrome. Due to the market share (and that Edge now is basically Chromium with some added additional attack surfaces) these will be the most prevalent not only exploited, but found to be exploited.

The people who found this (Google TAG) generally discover nation-state level attacks and do not reveal details (TAG is different from GPZ. GPZ will share, TAG will not). In just this year alone they have found multiple Chrome vulnerabilities being actively exploited.

The real problem for you is going to often be where the vulnerability lies. Unless you're not patching in months of time, many issues don't have the time to be mass exploited against just regular people (the cost is too high to burn on random shit and, especially, on targeting randoms en masse). However, when issues are in fully open source parts like v8 (such as this one) you have a bigger concern.

People who find bugs often follow disclosure policies where, if they reveal any details at all, they wait 30 days to x months to reveal details. This can be in some blog post by some whitehat company (this is probably more the rule of concern these days) or the commit/bug report is opened which includes details and/or a reproducer you can easily work from (Google has a relatively long time before they open their bug reports to the public). All this is the most likely case, but it's not some hard standard. Let's go back to v8. As opposed to Chrome, the v8 engine is fully open source and, because of this, you get all the commits:

https://chromium.googlesource.com/v8/v8.git/+log

People involved in handling issues in software like this might attempt to not clearly indicate security issues (as you can see from some embargo lifted bug reports when looking at commits), but it's basically there. People following v8 commits will have enough notification to actively develop for to get a decent hit rate. This is why a relatively large amount of public Chrome exploit code is exploiting v8 issues.

Long story short - Keep your browser updated as you're likely not important enough (I don't know you, you might be) for most of these issues to have hit you. If you are concerned and use Windows, take a look at utilizing something like WDAG, setting up Defender exploit protection settings, disabling WASM, etc. Lots of things you can do to minimize non-targeted exploit code.
Reply
I always use Firefox for web debug, because it has such a good debug tool that no other browser can even compare to. Use Edge for browsing the internet tho :D :D :D
Reply
excluding home users not sure why entrepreneur's obsession to link their intranet tools on chrome...my org using chrome as default browser citing compatibility issues.

though auto update is on, yet it's risky with WFH model

hope they switch to FF back
wondering in wilderness
Reply
(April 16, 2022, 11:36 PM)penis Wrote: A type confusion? Who cares. Chrome also updates automatically.


And they have a bug bounty team for this as well. Why worry?
Reply

