Hacker News
by zerognowl 3556 days ago
No, I stated I took out entire classes of attacks by using a single-duty browser like Lynx and a hardened version of Firefox with JS disabled. Rather than patch and forget, I addressed the larger problem head on. The last thing a browser vendor wants to hear is a user complaining that JavaScript is enabled by default. There is a vested interest in having JavaScript all-pervasive in browsers now, and huge lobby groups campaigning for a JavaScript-only web, and this is very counterproductive. Of course I can exploit Chrome and those exploits do work. My issue is that even if I report them, another one will pop up because the design of Chrome (and Firefox) is fundamentally flawed from the very outset. Complexity is the enemy of security, and the onus is on the user to mitigate, not always on the vendors, or the bug reporting ecosystem, or even the bug bounty programs.