Full Disclosure mailing list archives
Re: Google Chrome Browser Vulnerability
From: redb0ne () hush com
Date: Wed, 03 Sep 2008 22:50:36 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 My judgment is telling me to just ignore this, but I'll entertain it with one response. On Wed, 03 Sep 2008 20:04:34 -0400 Shyaam <shyaam () gmail com> wrote:
This is a healthy discussion. This topic leads to a very good question. When do we call a bug as a vulnerability and when does an issue really turn out to be a security issue. When we have memory index out of bound error or when we have a OS level code having a out of bound memory error or when we reference an index value that doesn't exist or in many other cases, we do reference it as a vulnerability.
Out of bound array accesses can be vulnerabilities because they can in some cases result in code execution, but not in this case. In this case, it is just an integer underflow that causes a conditional to evaluate to true that shouldn't have and a byte or two of memory being read out of bounds. There is no write, the memory can't be leaked by an attacker, it is simply a crash. You can't even begin to compare a kernel denial of service to a browser crash, killing a browser is a world away from taking down an entire system. Let's face it, the last thing we need is someone whoring out attention for every browser crash they come across. Report it and be done with it, no one cares. -----BEGIN PGP SIGNATURE----- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified at https://www.hushtools.com/verify wpwEAQMCAAYFAki/TP0ACgkQGwcl4JwqQeBmIwP+Lx9ie5O6Pg8NsX4oJOnMlbh7AfWe 05CxdoLEkocqs583yuuaDbxokZU8g4dyB+eNYDl0Y2+xT/rJJSQtXRAsVLJ/NJcdUtiA 9xxLWbZMNkUnVXlnggsYBm3rYvS6BRNezy06+SEChczEz5h8sP5AZYeQJuYsCXBG1uYD bzG+j0A= =P0V0 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Google Chrome Browser Vulnerability, (continued)
- Re: Google Chrome Browser Vulnerability Paul Ferguson (Sep 03)
- Re: Google Chrome Browser Vulnerability silky (Sep 03)
- Re: Google Chrome Browser Vulnerability n3td3v (Sep 03)
- Re: Google Chrome Browser Vulnerability Valdis . Kletnieks (Sep 03)
- Re: Google Chrome Browser Vulnerability Razi Shaban (Sep 03)
- Re: Google Chrome Browser Vulnerability n3td3v (Sep 03)
- Re: Google Chrome Browser Vulnerability silky (Sep 03)
- Re: Google Chrome Browser Vulnerability Paul Ferguson (Sep 03)
- Re: Google Chrome Browser Vulnerability n3td3v (Sep 03)
- Re: Google Chrome Browser Vulnerability Shyaam (Sep 03)
- Message not available
- Re: Google Chrome Browser Vulnerability Shyaam (Sep 03)
- Re: Google Chrome Browser Vulnerability Fionnbharr (Sep 04)
- Re: Google Chrome Browser Vulnerability Chris Pritchard (Sep 04)
- Re: Google Chrome Browser Vulnerability The Mad Hatter (Sep 04)
- Message not available
- Re: Google Chrome Browser Vulnerability n3td3v (Sep 04)
- Re: Google Chrome Browser Vulnerability hannibal (Sep 05)
- Re: Google Chrome Browser Vulnerability n3td3v (Sep 05)