I thought chrome will never have such serious flaws, given the detailed comic style documentation / introduction for chrome about sandboxes and this and that.
I recently came accross your blog and have been reading along. I thought I would leave my first comment. I dont know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.
Because that issues contains a description of the bug, which might be useful to prepare an exploit. Not everybody updates/uses Chrome every day, which means that there are still some people using the old, vulnerable version. Hiding the description of the bug is a way to protect those people. Once the majority of Chrome users have updated, the danger of somebdy exploiting the bug becomes irrelevant, and the issue can be made public.
It's true that this bug lets an attacker run code inside the sandbox, which means it's substantially harmless... Still, it's better to avoid it. After all, the only drawback is that if you want to satisfy your curiosity you'll have to wait for a couple of days, which is nothing terrible.
You share valuable information and excellent design you got here! I would like to thank you for sharing your thoughts and time into the stuff you post!! Thumbs up. Please come visit my site Philadelphia Yellow Page Business Directory when you got time.
I was thinking of looking up some of them newspaper websites, but am glad I came here instead. Although glad is not quite the right word… let me just say I needed this after the incessant chatter in the media, and am grateful to you for articulating something many of us are feeling - even from distant shores. Please come visit my site San Antonio Yellow Page Business Directory when you got time.
11 comments :
When is going to be stable chrome v3
thanx for this nice blog and please let me take a copy to my site
البورصة المصرية
منتديات البورصة المصرية
منتدى البورصة السعودية | سوق الأسهم السعودى
تجارة عملات | فوركس | تجارة العملات | تداول عملات | Forex
What about the Dev release? I am using v 4.0.202.0
I thought chrome will never have such serious flaws, given the detailed comic style documentation / introduction for chrome about sandboxes and this and that.
@vijju: thanks for bringing up sandboxing. These bugs are not rated "Critical" precisely because of the existence of the sandbox.
Chris Evans, Chrome Security Team
I recently came accross your blog and have been reading along. I thought I would leave my first comment. I dont know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.
Susan
http://3128proxy.com
Come on... please remove that SPAM comments.
And thanks for the updates!
Why is Issue 18639 Forbidden?!
Because that issues contains a description of the bug, which might be useful to prepare an exploit. Not everybody updates/uses Chrome every day, which means that there are still some people using the old, vulnerable version. Hiding the description of the bug is a way to protect those people. Once the majority of Chrome users have updated, the danger of somebdy exploiting the bug becomes irrelevant, and the issue can be made public.
It's true that this bug lets an attacker run code inside the sandbox, which means it's substantially harmless... Still, it's better to avoid it. After all, the only drawback is that if you want to satisfy your curiosity you'll have to wait for a couple of days, which is nothing terrible.
You share valuable information and excellent design you got here! I would like to thank you for sharing your thoughts and time into the stuff you post!! Thumbs up. Please come visit my site Philadelphia Yellow Page Business Directory when you got time.
I was thinking of looking up some of them newspaper websites, but am glad I came here instead. Although glad is not quite the right word… let me just say I needed this after the incessant chatter in the media, and am grateful to you for articulating something many of us are feeling - even from distant shores. Please come visit my site San Antonio Yellow Page Business Directory when you got time.
Post a Comment