Full Disclosure mailing list archives
Re: Google Chrome Browser Vulnerability
From: Shyaam <shyaam () gmail com>
Date: Wed, 3 Sep 2008 20:04:34 -0400
This is an out of bounds memory read that crashes the browser. It is a major exaggeration to call this a vulnerability, especially considering this is a beta browser. Not that others haven't already said it, but people never seem to learn that a browser crash is a stability issue, not a security issue.
This is a healthy discussion. This topic leads to a very good question. When do we call a bug as a vulnerability and when does an issue really turn out to be a security issue. When we have memory index out of bound error or when we have a OS level code having a out of bound memory error or when we reference an index value that doesn't exist or in many other cases, we do reference it as a vulnerability. So, in such cases where simple bugs and vulnerabilities overlap, is it not good to call it a vulnerability and correct it rather than downgrading from what it should be. I am not saying anything pertaining to this situation or redb0ne's email. It is a really good topic to discuss about. Like what redb0ne has mentioned, we always have 2 subsets. Common bugs that are not security related and something that is a security issue. And the overlap in these two would be bugs that leads to vulnerabilities. Let me know if I am missing something or if you guys know some materials where I can learn such missing gaps. My sincere apologies if this email sounded stupid. Shyaam
-----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Charset: UTF8 Version: Hush 3.0 wpwEAQMCAAYFAki+9g8ACgkQGwcl4JwqQeBgBgP/YGeDE2VtxDaxw4S81LadJc0GbCJo BmkN5g+6VhimPxUwvLgGyYoyaJg+Ab/cPzDELLMfp6h9jV+14jLO+2NYMnM8/G236Xjd sew1u81YXnKUjaDkX0clUT9K9sWkQ2kJwnH6ZbMncnSpTXBLISiXyhoDCvtrdeTI1y8t 9a2kAMc= =ysci -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Google Chrome Browser Vulnerability, (continued)
- Re: Google Chrome Browser Vulnerability Andrew Farmer (Sep 03)
- Re: Google Chrome Browser Vulnerability Paul Ferguson (Sep 03)
- Re: Google Chrome Browser Vulnerability silky (Sep 03)
- Re: Google Chrome Browser Vulnerability n3td3v (Sep 03)
- Re: Google Chrome Browser Vulnerability Valdis . Kletnieks (Sep 03)
- Re: Google Chrome Browser Vulnerability Razi Shaban (Sep 03)
- Re: Google Chrome Browser Vulnerability n3td3v (Sep 03)
- Re: Google Chrome Browser Vulnerability silky (Sep 03)
- Re: Google Chrome Browser Vulnerability n3td3v (Sep 03)
- Re: Google Chrome Browser Vulnerability Shyaam (Sep 03)
- Message not available
- Re: Google Chrome Browser Vulnerability Shyaam (Sep 03)
- Re: Google Chrome Browser Vulnerability Fionnbharr (Sep 04)
- Re: Google Chrome Browser Vulnerability Chris Pritchard (Sep 04)
- Re: Google Chrome Browser Vulnerability The Mad Hatter (Sep 04)
- Message not available
- Re: Google Chrome Browser Vulnerability n3td3v (Sep 04)
- Re: Google Chrome Browser Vulnerability hannibal (Sep 05)
- Re: Google Chrome Browser Vulnerability n3td3v (Sep 05)