Freigeben über


Why I'm not running Chrome anymore (back to IE8 beta 2 for me)

https://www.milw0rm.com/exploits/6367
Long strings leading to stack overruns?  Really Google?  Srsly?  I guess I have the answer to my questions about whether they have an SDL / or the notion of banned APIs / or automated code scanning stuff . . . I mean long strings in an HTML tag is like . . . silly fuzzing 101 type stuff . . . the vulns we're fixing in IE these days are pretty insane and are usually pretty complicated / obscure . . . like usually they are some really complicated DOM manipulation stuff that is waaaaaayyyyy beyond simple 'overly long strings in a tag' type stuff.  I can't *wait* to see what happens when people start doing really advanced DOM fuzzing against Chrome. :)

Another interesting read is how they implemented some of their 'enhanced' BIBA security model stuff to prevent the read-up (from Low to Medium or higher) stuff that Low IL on Vista still allows: https://gynvael.coldwind.pl/?id=49

Function patching?  Really?  Wow.  Just . . . wow.

It's pretty obvious that the code quality just isn't there . . . this browser is not ready for prime time on anyone's machine IMHO.

Comments

  • Anonymous
    January 01, 2003
    FYI: Gynvael has posted a correction. Apparently the function hooking is a compatibility mechanism, not a security mechanism. http://gynvael.coldwind.pl/?id=57