So is Chrome too secure for #Pwn2Own or are the prizes too low?
-
-
If you have a vuln now, exploiting for RCE in Chrome is relatively easy compared to Edge IMHO. I've not looked at sandbox escapes myself, so I can't comment on how easy it is to turn RCE into complete compromise.
-
IMHO, exploiting for RCE in Edge is also easy enough even when RFG/CET is employed in the future, so comparing which one is easier is meaningless.
-
I'm not saying it can't be done by the best exploit writers, but would you agree that the average exploit writer is going to have a harder time on Edge compared to Chrome?
-
No offence, but there are so many known issues, maybe not only the best writers know them, but also the average writers know some of them too?
-
It's certainly worth noting the list of "out-of-scope" issues for the Mitigation Bypass bounty :-D pic.twitter.com/1Aqq0ag6Xs
-
does chrome even pay for bypasses in your llvm CPI stuff?
-
Do you pay for anything in CFG based on that list? :-)
-
Yeah that’s what I thought
