by luch 1292 days ago
I do not need to explain to you what CVE means, but still the "C" is for Coordinated: CVE used to be that identifier which downstream actors could keep track of in order to keep their systems up to date.

Since Google and P0 are so worried about the safety of their users' ecosystem, they should issue CVEs for internally found bugs in Chrome so that the maintainers of CEF, Electron, and every Chrome-like project can verify if they have backported the correct fix. They even complained about downstreamers leaving a patch gap for attackers recently :)

Unfortunately, nowadays CVEs are a commodity (perhaps a currency in the future?) where the fewer you have, the more "secure" your system is, which is utter bullshit.