Another Chrome Vulnerability
Google has patched another Chrome zero-day:
On Thursday, Google said an anonymous source notified it of the vulnerability. The vulnerability carries a severity rating of 8.8 out of 10. In response, Google said, it would be releasing versions 124.0.6367.201/.202 for macOS and Windows and 124.0.6367.201 for Linux in subsequent days.
“Google is aware that an exploit for CVE-2024-4671 exists in the wild,” the company said.
Google didn’t provide any other details about the exploit, such as what platforms were targeted, who was behind the exploit, or what they were using it for.
echo • May 14, 2024 7:34 AM
Back in the day one person could knock up a browser in three months. Okay, three years if you want to add some spit and polish. They’ve just got too big and fat and badly abstracted. The toolchains are junk. As with too many things they became about branding not standards.
The C/C++ specification needed refactoring decades ago to simplify and tidy it up and improve coding practices. Instead they lurched off into templates and adding the kitchen sink with contrarians unironically whining that it would be impossible or expensive for compiler vendors to refactor and support while deprecating the old standards and practices. This vulnerability shouldn’t even be a thing.
When I coded I used to compile against multiple compilers and multiple LINT tools. If one compiler or LINT didn’t catch something another one would. Yes, C/C++ and LINT tools are that flaky. Ditto graphics. ATI now AMD have always been more compliant with specifications. NVidia still play dirty. It’s always best practice to compile against multiple implementations for the same reason even if it’s to discover a driver bug and report it to the vendor. Legacy code is no problem if you abstracted at step one. I have deleted all my archives now but I had code from 2000 onwards which would still run today. If I still produced code today it would be updated to the latest API’s where necessary and still run because it was abstracted properly from the start. It’s not dead code. It doesn’t “bit rot” because there’s no such thing as “bit rot” only sloppy design and coding practices.
If people are going to rewrite everything in Rust they may as well review the specifications. Can’t they just get it right then leave it alone? They’re going to have to do it one day anyway. Might as well get it right now.