Comment on UPDATE YOUR BROWSERS IMMEDIATELY. RCE VULNERABILITY DISCOVERED
towerful@programming.dev 11 months agoI’ve read elsewhere it’s actually a problem with libwebp not just chrome.
Basically, anything that relies on libwebp (ie can play libwebp) is vulnerable.
snyk.io/blog/critical-webp-0-day-cve-2023-4863/
cheese_greater@lemmy.world 11 months ago
I wonder if it applies to devices using LockDown mode, thats shuts down a lot of nonsense in its own right…
towerful@programming.dev 11 months ago
techtarget.com/…/Browser-companies-patch-critical…
cheese_greater@lemmy.world 11 months ago
Good, I’m so fucking tired of this bullshit.
towerful@programming.dev 11 months ago
Nah, this bullshit is progress.
The root of this problem has always existed. Exploits have always been there, mistakes have always been there. These things are fundamentally unavoidable.
Acknowledging then, documenting them is new. Sensible disclosure is new. Companies paying for these bug bounties before they are publicly disclosed (so they can be fixed) is new.
And it’s awesome. It’s security. It’s people working together for the betterment of everyone.
It would be amazing if people didn’t make mistakes. But that isn’t possible.
Openess, honesty and quickly remedying of issues is possible, and it’s laudable.
So yeh, next time you get an annoying update that interrupts you’re workflow. Please understand the work and reason behind the update. You can still be pissed at the interruption, but please appreciate the human reason for it.