All the defenses you must break to exploit Chrome

My new hate is this flurry of people now becoming l33t 0day researchers overnight. "I found this 0day"... no... you AND THE AI found the 0day. This industry has always had people taking credit for others work. Be open and honest people, it's fine to admit that AI is playing a part (call out this BS where you see it!).

That's my chain — a full chain w/ logic bugs only! No memory corruption, no AI, and of course no collisions at all 😉

We’ve been through all kinds of situations: exploits failing, vendors turning off services during demos, patches being released the night before a demo, and more but we happily accepted and continue to play. And if you don’t participate in the game, who cares about your opinion?

Well since Google sucks fat donkey dick (still annoyed they waited >2 months to reject my RCE payload because i used the --single-thread flag in repro)... This was disclosed yesterday: issuetracker.google.com/u/1/… It was my 1st attempt to report the vuln that allows for RCE on every Chromium browser since Dec 2018. This one was rejected because I was still learning how to prove Chrome reachability. Ended up filing a new report a week later after figuring out a trick to bypass Chromium's validation on video files and being able to prove reachability.

Introducing Project Glasswing: an urgent initiative to help secure the world’s most critical software. It’s powered by our newest frontier model, Claude Mythos Preview, which can find software vulnerabilities better than all but the most skilled humans. anthropic.com/glasswing

#BREAKING Iran’s Foreign Ministry: "The process [war] that has begun will soon engulf Europe. The fire, that the US and the Zionist regime ignited, will engulf the entire world."

Yeah, so pretty much this entire drama thing is FFmpeg are a bunch of nerds and have spawned a philosophical conversation on the implications of bug bounty and offensive security. Nerd stuff Google submits a CVE thingie to them, but FFmpeg is mad because while people finding CVEs is nice, they don't actually meaningfully contribute to their project. A CVE is important, but it does little when they don't have super cool things like money or help. FFmpeg basically sees it as a way for Google to jerk themselves off and say "omg Im so helpful" when they're not They also criticize security nerds for trying to bug bounty open source non profit community drive projects because while doing nothing to actually patch stuff. Security nerds just scream "ooga booga Im a hacker" People in comments are mad saying, "omg just patch it and work more and for free". Other people, "wow that's a really good point". Other people say, "I don't understand what's going on" Will FFmpeg force Google to submit a patch? Will nerds understand what FFmpeg is trying to convey? Will I ever get a good night's rest while having a newborn baby? Find out next time and more on the next episode of Dragon Ball Z