LastPass have fixed the remote code execution bug I reported last week. 
https://bugs.chromium.org/p/project-zero/issues/detail?id=1225 …
You've lost me, and your files all 403. how do you make a content script use http://ExtenalInterface.call without XSS? (i.e. already won)
-
-
Oops, perms fixed. The stack going from content script world to other isn't a security issue, more just unexpected and strange.
-
The addCallback working on HTMLObjectElement from isolated world in Chrome though probably is useful for exploiting some bugs like the


- 5 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.