| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20080903203947.5E15C11803C@smtp.hushmail.com> Date: Wed, 03 Sep 2008 16:39:45 -0400 From: redb0ne@...h.com To: full-disclosure@...ts.grok.org.uk, psy.echo@...il.com Cc: contact.fingers@...il.com Subject: Re: Google Chrome Browser Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >Even though I had the vulnerability 4 hrs well before the real >publication of the bug and had the exploit along with the some >crash details like "int 3" Kernel Exception/Trap @ 0x01002FF3, >different attack cases, exceptions of http/ftp and further debug >logs; there was this bug published (though without the details of >possible cases, exceptions and mouse hover techniques) couple of >hours before I released it out at EvilFingers. This is an out of bounds memory read that crashes the browser. It is a major exaggeration to call this a vulnerability, especially considering this is a beta browser. Not that others haven't already said it, but people never seem to learn that a browser crash is a stability issue, not a security issue. -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Charset: UTF8 Version: Hush 3.0 wpwEAQMCAAYFAki+9g8ACgkQGwcl4JwqQeBgBgP/YGeDE2VtxDaxw4S81LadJc0GbCJo BmkN5g+6VhimPxUwvLgGyYoyaJg+Ab/cPzDELLMfp6h9jV+14jLO+2NYMnM8/G236Xjd sew1u81YXnKUjaDkX0clUT9K9sWkQ2kJwnH6ZbMncnSpTXBLISiXyhoDCvtrdeTI1y8t 9a2kAMc= =ysci -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists