![]() Firefox has shoddy security practices and is 5 years behind Chromium minimum in terms of security. It’s easy to find nothing when nobody uses your shit or bases any kind of software on it. Who uses the Firefox codebase? Just Mozilla and the undermanned Tor Project, LOL. You know who works with Chromium code? Not just Google, but also Microsoft, Opera, Amazon, Brave Software, Vivaldi Technologies, Intel, and thousands upon thousands of Electron apps. There’s a better chance to catch zero days if the codebase is actually being used and scrutinized. > if they’re patching 20 to 30 security exploits a month, and zero-day in-the-wild’s every month or two, just imagine how many they HAVEN’T caught Now you: when do you update your just another zero-day patch day at chromium you guys Mojo "is a collection of runtime libraries providing a platform-agnostic abstraction of common IPC primitives, a message IDL format, and a bindings library with code generation for multiple target languages to facilitate convenient message passing across arbitrary inter- and intra-process boundaries" according to documentation on the Google Source website. The scope of attacks targeting the vulnerability in Chrome is unknown. As always, Google does not provide additional information at this point. What expedited the release of a security update is the fact that the issue is exploited in the wild. High CVE-2022-3075: Insufficient data validation in Mojo. The security issue that is patched in the new version of Chrome is rated high, the second highest rating after critical. The official post on the Chrome releases blog offers little information.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |