@cpu @0xabad1dea what they're trying to do is a conceptual mismatch with a web browser: http://tonyarcieri.com/whats-wrong-with-webcrypto …
@sleevi_ @0xabad1dea @cpu or if there are vulnerabilities in the extension implementation:http://www.slideshare.net/kkotowicz/im-in-ur-browser-pwning-your-stuff-attacking-with-google-chrome-extensions …
-
-
@bascule@0xabad1dea@cpu Sure, but that's the same as native code not enabling ASLR, DEP, or any of the other ways native can fail -
@sleevi_@0xabad1dea@cpu except your browser is constantly *executing* untrusted code from the Internet. For browsers, RCE is a given
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.