#DailyBug #GoogleChrome blink Serializer::doSerialize bad cast
Bad casts are the new use-after-free. http://blog.skylined.nl/20161111001.html …
Replying to @berendjanwever
has @XI_Research EIP/RSP program ever responded? It seems like iDefense and ZDI are the go-to guys
Replying to @p3t3_r3c0n
Yes, I have a good relation with @XI_Research. Unfortunately, they want bugs where exploitation is proven e.g. you have PoC code
Replying to @berendjanwever @XI_Research
oh ok so they are somewhere between @thezdi (show exploitable crash) and @Zerodium (provide full exploit)?
Replying to @p3t3_r3c0n @XI_Research and
AFAICT yes. I'm guessing their customers are also in between, which is a bit of a problem for me
Replying to @berendjanwever @p3t3_r3c0n and
...as I want to be sure I don't provide anyone with 0-day for active use against third parties.
Replying to @berendjanwever @p3t3_r3c0n and
...which is hard (if not impossible) to guarantee in many cases.
Replying to @berendjanwever @p3t3_r3c0n and
e.g. @SecuriTeam_SSD is interesting, but hard to prove who gets the information and how it's used
VCPs should be clear on:
- How THEY use info
- What they give to clients
- What sort of clients*
Replying to @berendjanwever @p3t3_r3c0n and
* bonus if they explicitly state they don't want any active attackers (gov or other).