The @zoom_us vuln sucks, but it's definitely not new. This was/is a common approach used to sidestep the NPAPI deprecation in Chrome. Seems like a @taviso favorite:
anti virus - https://bugs.chromium.org/p/project-zero/issues/detail?id=693 …
logitech - https://bugs.chromium.org/p/project-zero/issues/detail?id=1663 …
utorrent - https://bugs.chromium.org/p/project-zero/issues/detail?id=1524 …
-
-
This Tweet is unavailable.
-
Hmm, the UX problem Zoom were trying to "solve" is that browsers (for good reason) require confirmation before launching external protocol handlers. I read that proposal, and don't see how it would change that.
- 8 more replies
-
-
-
Zoom is developed by ex-Webex guys AFAIK
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
I did look at WebEx a few years ago, they used an extension instead of a webserver... never looked at Zoom!