I'm not saying it can't be done by the best exploit writers, but would you agree that the average exploit writer is going to have a harder time on Edge compared to Chrome?
-
-
Replying to @berendjanwever @tiraniddo and
No offence, but there are so many known issues, maybe not only the best writers know them, but also the average writers know some of them too?
3 replies 3 retweets 4 likes -
Replying to @_f0rgetting_ @berendjanwever and
It's certainly worth noting the list of "out-of-scope" issues for the Mitigation Bypass bounty :-Dpic.twitter.com/1Aqq0ag6Xs
2 replies 0 retweets 13 likes -
Replying to @tiraniddo @_f0rgetting_ and
does chrome even pay for bypasses in your llvm CPI stuff?
2 replies 0 retweets 3 likes -
Replying to @dwizzzleMSFT @_f0rgetting_ and
Do you pay for anything in CFG based on that list? :-)
1 reply 0 retweets 4 likes -
-
Replying to @dwizzzleMSFT @_f0rgetting_ and
Why deploy a technology which you've clearly stated is broken, might as well spend more of your time on other stuff which matter.
1 reply 0 retweets 5 likes -
Replying to @tiraniddo @dwizzzleMSFT and
Have you even tried asking hackers nicely not to use non-cfg images James? I thought you cared about users???
1 reply 1 retweet 4 likes -
Replying to @taviso @dwizzzleMSFT and
We do, we ship the entirety of Chrome with non-cfg images, and the users love us for it.
1 reply 1 retweet 7 likes -
so you're saying what chrome needs are WX pages?
-
-
Replying to @tehjh @dwizzzleMSFT and
It appears we are debating which is better when nothing is stopping us from doing both. Unless you are certain that one or the other is never going to add value, why argue? IMHO both add value because they make exploitation harder and thus reduce the number of real life attacks.
1 reply 0 retweets 1 like -
Replying to @berendjanwever @dwizzzleMSFT and
"both" as in "CFG and WX pages"?
2 replies 0 retweets 0 likes - 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.