The link goes to the comments section. This one doesn't: <a href="https://arstechnica.com/information-technology/2020/10/googles-project-zero-discloses-windows-0day-thats-been-under-active-exploit/" rel="nofollow">https://arstechnica.com/information-technology/2020/10/googl...</a>
The combination of Chrome sandbox escape and Windows escalation make an extremely potent and high value combination. I hope we get more information on the "targeted" attacks
The article mentions how a bug in a library Chrome uses allowed a sandbox escape. I am left wondering if forks of Chrome (such as Edge, which I'm using to type this from) are already updated. This is what really worries me about using Edge. Not to mention unstaffed forks such as Ungoogled Chromium.
Did they include a proof of concept in the disclosure even though the Google patch has only been out for a week and the Microsoft patch is not yet available?<p>Showing more adversaries how to make exploits right now doesn't seem like a great idea?
On the same subject matter: <a href="https://news.ycombinator.com/item?id=24947247" rel="nofollow">https://news.ycombinator.com/item?id=24947247</a>