27
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 16 Sep 2024
27 points (100.0% liked)
TechTakes
1401 readers
232 users here now
Big brain tech dude got yet another clueless take over at HackerNews etc? Here's the place to vent. Orange site, VC foolishness, all welcome.
This is not debate club. Unless it’s amusing debate.
For actually-good tech, you want our NotAwfulTech community
founded 1 year ago
MODERATORS
OK I might have been a little too harsh, but the security requirements of a browser are higher than pretty much any other piece of software except perhaps for operating system code, emails, or text messages. As a serious player in the browser space it is not optional to get the basic security model / architecture right. This isn't a matter of a bug slipping through (which can happen to anyone), but the system being designed wrong. Hopefully this company has learned their lesson, treats it with the care it deserves going forward, and bring some diversity to the browser market.
Anyway that said let's look at how this was a colossal bug:
Compare Firefox I have an extension that allows for arbitrary CSS injection, but this extension isn't cloud based. So this class of vulnerability isn't possible in the first place, and also it is an extension I opted into and can enable selectively on specific sites instead of globally.