Wow, this writeup tries really hard to pad out what is a relatively routine security advisory.
The title should be something like "use after free vulnerability in Google Chrome, with possible remote code execution"
In any event, any insight into whether this is exploitable without allowing the permission? Seems like the auditing effort should be focused heavily on code that runs without any particular permission.
1 comment
[ 3.1 ms ] story [ 10.2 ms ] threadThe title should be something like "use after free vulnerability in Google Chrome, with possible remote code execution"
In any event, any insight into whether this is exploitable without allowing the permission? Seems like the auditing effort should be focused heavily on code that runs without any particular permission.