[sprkyco]

What is the logic to responding to security disclosures like this? In the reddit world this is called shit posting. Security bug A affects product B (or c-f) someone always responds at least I use g or h on z! Thus, I am immune from this particular security issue! Genuinely interested in why anyone bothers posting this non-sense.

[josteink]

It may come off as shit-posting, but I decided to reply as I did to highlight something important:

On Android anyone can implement a browser, have users download it, and make it the system default. On Android you don't need to end up with a Google monoculture, like you on iOS do have to accept the Apple monoculture.

The bug report says "all Android devices affected", which is factually incorrect. Mine never was, because mine never ran Chrome in the first place. And this was a Chrome bug.

On Android users have a choice. Whoever wrote this article does not seem understand that, nor the implications of it.

Thus my post. Does that sound more reasonable?

[sprkyco]

Can you cite "all Android devices affected"? Cannot find this particular quote in this or any other article. Also what bug report? I found this article and other articles cited, but no bug report from Google or the researcher as of yet.

The article does state "The vuln being in recent version of Chrome should work on all Android phones;" which is factually correct.

This is a "Chrome" bug in so much as the Chrome browser uses the V8 Javascript engine. However, this particular bug could have other consequences as it is stated in this article and others that the bug in fact occurs in the V8 Javascript Engine which is used in Nodejs, Mongo and others.

So, no, none of your comments sound reasonable.