by chimeracoder 4439 days ago
> Browsers themselves were not vulnerable to heartbleed,

Clients could have been vulnerable to Heartbleed. Feel free to correct me on this, but I believe the only reason they weren't is that Chrome uses OpenSSL compiled without the heartbeat feature, and Firefox uses NSS.

1 comment

Both Firefox and Chrome use NSS (although I believe Chrome has a potential plan considering using OpenSSL at some point in the future).
Chrome on Android uses OpenSSL, FWIW. I have no idea whether it supported the Heartbeat extension though.