Hacker News new | ask | show | jobs
by mathisonturing 2447 days ago
You have to "install an application from an untrusted source, attackers can take advantage of that. Attackers can also take advantage of the bug if they pair it with vulnerabilities in the Chrome browser to render content."

I guess it informs us what not to do at the very least. Given the track record, I'm not very optimistic of the vendors pushing a patch very soon (if ever). This keeps us informed at least.
2 comments
asdfasgasdgasdg 2447 days ago
Or the attacked surface has to be exposed to the browser sandbox, which apparently this one is, per: https://bugs.chromium.org/p/project-zero/issues/detail?id=19...
link
mehrdadn 2447 days ago
> You have to "install an application from an untrusted source, attackers can take advantage of that. Attackers can also take advantage of the bug if they pair it with vulnerabilities in the Chrome browser to render content."

They can easily give that^ information without exposing details of the bug though?

link