does chrome even pay for bypasses in your llvm CPI stuff?
-
-
Replying to @dwizzzleMSFT @_f0rgetting_ and
Do you pay for anything in CFG based on that list? :-)
1 reply 0 retweets 4 likes -
-
Replying to @dwizzzleMSFT @_f0rgetting_ and
Why deploy a technology which you've clearly stated is broken, might as well spend more of your time on other stuff which matter.
1 reply 0 retweets 5 likes -
Replying to @tiraniddo @dwizzzleMSFT and
Have you even tried asking hackers nicely not to use non-cfg images James? I thought you cared about users???
1 reply 1 retweet 4 likes -
Replying to @taviso @dwizzzleMSFT and
We do, we ship the entirety of Chrome with non-cfg images, and the users love us for it.
1 reply 1 retweet 7 likes -
-
Replying to @dwizzzleMSFT @tiraniddo and
so you're saying what chrome needs are WX pages?
1 reply 0 retweets 2 likes -
Replying to @tehjh @dwizzzleMSFT and
It appears we are debating which is better when nothing is stopping us from doing both. Unless you are certain that one or the other is never going to add value, why argue? IMHO both add value because they make exploitation harder and thus reduce the number of real life attacks.
1 reply 0 retweets 1 like -
Replying to @berendjanwever @dwizzzleMSFT and
"both" as in "CFG and WX pages"?
2 replies 0 retweets 0 likes
:) Both as in focusing on rce mitigations and/or preventing privilege escalation. I understand individuals are going to be better at one or the other and thus feel the need to pick a side. However, browsers should get the best of both as they are not mutually exclusive.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.