The @zoom_us vuln sucks, but it's definitely not new. This was/is a common approach used to sidestep the NPAPI deprecation in Chrome. Seems like a @taviso favorite:
anti virus - https://bugs.chromium.org/p/project-zero/issues/detail?id=693 …
logitech - https://bugs.chromium.org/p/project-zero/issues/detail?id=1663 …
utorrent - https://bugs.chromium.org/p/project-zero/issues/detail?id=1524 …
-
I think you're right, they're trying to sidestep the NPAPI deprecation... but we deprecated it for a reason
I did look at WebEx a few years ago, they used an extension instead of a webserver... never looked at Zoom! https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 …
-
Hmm, the UX problem Zoom were trying to "solve" is that browsers (for good reason) require confirmation before launching external protocol handlers. I read that proposal, and don't see how it would change that.
-
They're eroded for a reason; a constant stream of critical remote vulnerabilities that just nullifies any security work we do. Sorry, but you're talking to the wrong person if you want this streamlined, I want it to be harder. 