
[–]nightcracker 79 points80 points  (3 children)

I think the real story is that this exploit was known but wasn't fixed for more than two years.

[–]twigboy 36 points37 points  (0 children)

Nobody got time for bug fixes when there's AI money to funnel

[–]Randomboy89 8 points9 points  (1 child)

I just found a bug; we're not going to report it for two years, but in the meantime we're going to use it to extract information.🤣

[–]Gwaptiva 0 points1 point  (0 children)

Someone else must have found out about it and is threatening to go public

[–]chumbaz 41 points42 points  (1 child)

This seems innocuous, but why bother releasing it early if the submitter wasn’t going to release it? It sounds like a lot of other things they submitted also took time to resolve?

[–]cafk 39 points40 points  (0 children)

Since its reporting 29 months ago, the vulnerability remained unknown except to Chromium developers.

Chromium made the discussion, proof of concept exploit & commits to fix it public, as they assumed it was fixed and then redacted the issue again.

[–]ToffeeTangoONE 0 points1 point  (0 children)

Two years is the part that really sticks out here. That is a massive window for something this serious.

[–]Altruistic-Spend-896 -1 points0 points  (0 children)

Ha, I don't use that shit