[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Google Chrome Browser Vulnerability

To: redb0ne@xxxxxxxx
Subject: Re: [Full-disclosure] Google Chrome Browser Vulnerability
From: Shyaam <shyaam@xxxxxxxxx>
Date: Thu, 4 Sep 2008 03:20:44 +0000

>
> Out of bound array accesses can be vulnerabilities because they can
>> in some cases result in code execution, but not in this case. In
>> this case, it is just an integer underflow that causes a
>> conditional to evaluate to true that shouldn't have and a byte or
>> two of memory being read out of bounds. There is no write, the
>> memory can't be leaked by an attacker, it is simply a crash.
>>
>> You can't even begin to compare a kernel denial of service to a
>> browser crash, killing a browser is a world away from taking down
>> an entire system. Let's face it, the last thing we need is someone
>> whoring out attention for every browser crash they come across.
>> Report it and be done with it, no one cares.
>
>
Cool!!! Thanks...

Shyaam

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] Google Chrome Browser Vulnerability
  - From: redb0ne

Prev by Date: Re: [Full-disclosure] Google Chrome Browser Vulnerability
Next by Date: Re: [Full-disclosure] Hardcoded Keys
Previous by thread: Re: [Full-disclosure] Google Chrome Browser Vulnerability
Next by thread: Re: [Full-disclosure] Google Chrome Browser Vulnerability
Index(es):
- Date
- Thread