The deadline was exceeded.
-
-
Following are vulns (per Chrome team) that's unfixed for more than a year (oldest one is reported on 2015
)
538562
771596
772759
794382
799041
802007
821625
821626
821628
821630
821632
821634
823241
823737
830101
830808
831731
831761
847848 -
I clicked through a few, they mostly don't seem like they need to be private to me. I can ping some Chrome developers and say you want them public if you like, it seems fine to me... I would have just made these public.

- 10 more replies
New conversation -
-
-
The spectrum of "vulnerabilities" is broader than RCE. And nowadays we are all on the same team. :)
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Likewise!
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Spectre/Meltdown was a little longer IIRC, and they had a few years head start on the mitigation...
-
(Obviously that was a P0 bug, and everyone including Microsoft got longer to work on it)
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
My point was, even Chrome can’t do 90 days deadlines for all vulnerabilities.