From object transition to RCE in the Chrome renderer

177 points by mikece 9 months ago

6 comments

olliej 9 months ago
I really like these super detailed exploit breakdowns, and how they touch on circumventing the mitigations (largely because I wish people would understand that mitigations are just that - they make it harder to exploit a bug, not impossible).

Obviously ASLR specifically is pretty weak these days, but the idea is the same (and also it's still important - this is very much along the lines of "I have seatbelts why do I need airbags").
gnyman 9 months ago
When did Chrome go from the most secure browser to there is an exploit-chain giving RCE by visiting a malicious website every second month? (Last one I recall was CVE-2024-4761 and -4671).

Or maybe it was never really secure and it was just good marketing?
rvz 9 months ago
Haven't seen such a detailed writeup like this one in a while. What a find.

Goes to show the level of sophistication and technical skill of this RCE rabbit hole.

Well done.
infogulch 9 months ago
Google is taking hostile actions against adblockers (and has attempted to do so for years now). Chrome using too much memory is a meme among normies at this point. It's hard to say whether Chrome is less secure than competitors or if its exploits just get more publicity; clearly it was better than the competition at its inception, and clearly it could be better today.

At what point is replacement the right answer?

There are some promising browser engines in development right now: Servo / Verso, and Ladybird. Some discussions from the past few days:

Verso – Web browser built on top of the Servo web engine | 806 points | 319 comments | https://news.ycombinator.com/item?id=41215727

Ladybird browser to start using Swift language this fall | 200 points | 196 comments | https://news.ycombinator.com/item?id=41208836
nusl 9 months ago
Insane. I love that these bugs are being found and fixed.
roundup 9 months ago
- 21 security fixes were addressed in 126.0.6478.56/57 (Windows, Mac)
- $168615 awarded to security researchers and unknown $X in TBD bounties

I sure hope they're refactoring parts of the codebase to leverage memory-safe languages.