Security Researcher Drops Chrome and Edge Exploit on Twitter (therecord.media) 17
An Indian security researcher has published today proof-of-concept exploit code for a recently discovered vulnerability impacting Google Chrome, Microsoft Edge, and other Chromium-based browsers like Opera and Brave. From a report: The researcher, Rajvardhan Agarwal, told The Record today that the exploit code is for a Chromium bug that was used during the Pwn2Own hacking contest that took place last week. During the contest, security researchers Bruno Keith (@bkth_) & Niklas Baumstark (@_niklasb) of Dataflow Security used a vulnerability to run malicious code inside Chrome and Edge, for which they received $100,000. Per contest rules, details about this bug were handed over to the Chrome security team so the bug could be patched as soon as possible. While details about the exact nature of the bug were never publicly disclosed, Agarwal told The Record he spotted the patches for this bug by looking at the source code commits to the V8 JavaScript engine, a component of the Chromium open-source browser project, which allowed him to recreate the Pwn2Own exploit, which he uploaded earlier today on GitHub, and shared on Twitter. However, while Chromium developers have patched the V8 bug last week, the patch has not yet been integrated into official releases of downstream Chromium-based browsers such as Chrome, Edge, and others, which are still vulnerable to attacks.
Hip-hop security researcher? (Score:2)
I can't wait until his next exploit "drops".
Re:Hip-hop security researcher? (Score:1, Troll)
Re:Hip-hop security researcher? (Score:3, Insightful)
He's not much of a researcher, he took patch code to figure out someone else's exploit, then proceeded to publish to make a name for himself. The name: "asshole", as you correctly said.
Re:Hip-hop security researcher? (Score:1)
He looked at patch code (Score:3, Insightful)
Well this was unethical, should be punished rather than rewarded. It doesnâ(TM)t even show he has skills, someone else found the exploit. All he required was low moral standards. Any company that hires him would be stupid. He is good at taking credit for other peopleâ(TM)s work and thatâ(TM)s all.
Re:He looked at patch code (Score:-1)
You must not know any hindu-chimps if you expect one of them to act ethically.
Re:He looked at patch code (Score:3)
So what you're saying is that he should look for a job in politics?
Security Researcher? (Score:4, Informative)
He is not a security researcher he didnâ(TM)t uncover this exploit. He took credit for someone elseâ(TM)s work. His only contribution is that Chromium needs better vetting of who gets access to their code repo.
Billions and billions (Score:3)
I'm sure Chrome will be fixed before someone can take over my compuaaMountain Dew is the gr34t3st drink 3v3r m4de!
what the first post illiterati fails to grasp (Score:5, Insightful)
If he can reverse engineer the patch - the bad guys have already done it.
Re:what the first post illiterati fails to grasp (Score:3)
You can bet that the Chinese and Russian governments have people monitoring every commit to Chrome.
Re:what the first post illiterati fails to grasp (Score:2)
You omitted the US government from that list.
Re:what the first post illiterati fails to grasp (Score:2)
mono-culture browser: what could go wrong? (Score:5, Interesting)
This is IE6 all over again.
We used to have 3 almost equally popular Browsers. Now we have 2.
History is about to be repeated for millennials:
-Bug won't get fixed because they don't have to.
-Undocumented non-standard extensions to HTML, etc.
-Browser-specific sites. (Standards? fsck that!)
-Crackers focusing on the ONE browser with the big market share because it pays off big.
Security Researcher? (Score:2)
This 'researcher' looks more like asshole looking for attention. At a minimum this is an unethical asshole.
White-hat? No. Black-hat? No. Ass-hat? Yes. (Score:0)
This shit-stain is an ass-hat. That is all.
Monoculture (Score:3)
>"An Indian security researcher has published today proof-of-concept exploit code for a recently discovered vulnerability impacting Google Chrome, Microsoft Edge, and other Chromium-based browsers like Opera and Brave."
Inotherwords- ALL browsers, except Firefox and Safari. Because all the other browsers are Chrom*. And of those two not affected, only Firefox is truly open and multiplatform. Funny how that works... It is such a wonderful idea to have no diversity in browsers and hand the entire browser world infrastructure into a single code base, essentially overseen by a single company.
This is absolutely going to get MUCH worse. Not just bugs, but data gathering/privacy, control over "standards", incompatible sites, stagnation of innovation...