科技回声

Previous discussion: <a href="https://news.ycombinator.com/item?id=21425804" rel="nofollow">https://news.ycombinator.com/item?id=21425804</a>

Was already patched on Oct 31 <a href="https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html" rel="nofollow">https://chromereleases.googleblog.com/2019/10/stable-channel...</a>

I would suggest we put the date in these kind of 0 day titles. Nov 4 in this case...

Why would cybercriminals not just report the bug and pick up the cash from Google? Is it genuinely that much more lucrative to exploit it?

The CVE is still embargoed[1] as of the time of this comment. =/[1] <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-13720" rel="nofollow">https://nvd.nist.gov/vuln/detail/CVE-2019-13720</a>

I'm assuming this doesn't affect Chromium, or Chromium(-based) browsers on Android then? Seeing as it isn't mentioned.

Previous discussion: <a href="https://news.ycombinator.com/item?id=21425804" rel="nofollow">https://news.ycombinator.com/item?id=21425804</a>

I would suggest we put the date in these kind of 0 day titles. Nov 4 in this case...

Why would cybercriminals not just report the bug and pick up the cash from Google? Is it genuinely that much more lucrative to exploit it?

The CVE is still embargoed[1] as of the time of this comment. =/[1] <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-13720" rel="nofollow">https://nvd.nist.gov/vuln/detail/CVE-2019-13720</a>

I'm assuming this doesn't affect Chromium, or Chromium(-based) browsers on Android then? Seeing as it isn't mentioned.

New Chrome Zero-Day

6 条评论

New Chrome Zero-Day

6 条评论