The @zoom_us vuln sucks, but it's definitely not new. This was/is a common approach used to sidestep the NPAPI deprecation in Chrome. Seems like a @taviso favorite:
anti virus - https://bugs.chromium.org/p/project-zero/issues/detail?id=693 …
logitech - https://bugs.chromium.org/p/project-zero/issues/detail?id=1663 …
utorrent - https://bugs.chromium.org/p/project-zero/issues/detail?id=1524 …
-
-
I think you're right, they're trying to sidestep the NPAPI deprecation....but we deprecated it for a reason
I did look at WebEx a few years ago, they used an extension instead of a webserver... never looked at Zoom! https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 …1 reply 2 retweets 54 likes -
This Tweet is unavailable.
Hmm, the UX problem Zoom were trying to "solve" is that browsers (for good reason) require confirmation before launching external protocol handlers. I read that proposal, and don't see how it would change that.
9:13 AM - 10 Jul 2019
0 replies
3 retweets
8 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.