Full Disclosure: Re: Google Chrome Browser Vulnerability

Re: Google Chrome Browser Vulnerability

From: Shyaam <shyaam () gmail com>
Date: Wed, 3 Sep 2008 20:04:34 -0400

This is an out of bounds memory read that crashes the browser. It
is a major exaggeration to call this a vulnerability, especially
considering this is a beta browser. Not that others haven't already
said it, but people never seem to learn that a browser crash is a
stability issue, not a security issue.


This is a healthy discussion. This topic leads to a very good question. When
do we call a bug as a vulnerability and when does an issue really turn out
to be a security issue. When we have memory index out of bound error or when
we have a OS level code having a out of bound memory error or when we
reference an index value that doesn't exist  or in many other cases, we do
reference it as a vulnerability.

So, in such cases where simple bugs and vulnerabilities overlap, is it not
good to call it a vulnerability and correct it rather than downgrading from
what it should be. I am not saying anything pertaining to this situation or
redb0ne's email. It is a really good topic to discuss about. Like what
redb0ne has mentioned, we always have 2 subsets. Common bugs that are not
security related and something that is a security issue. And the overlap in
these two would be bugs that leads to vulnerabilities.

Let me know if I am missing something or if you guys know some materials
where I can learn such missing gaps. My sincere apologies if this email
sounded stupid.

Shyaam




-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Charset: UTF8
Version: Hush 3.0

wpwEAQMCAAYFAki+9g8ACgkQGwcl4JwqQeBgBgP/YGeDE2VtxDaxw4S81LadJc0GbCJo
BmkN5g+6VhimPxUwvLgGyYoyaJg+Ab/cPzDELLMfp6h9jV+14jLO+2NYMnM8/G236Xjd
sew1u81YXnKUjaDkX0clUT9K9sWkQ2kJwnH6ZbMncnSpTXBLISiXyhoDCvtrdeTI1y8t
9a2kAMc=
=ysci
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Re: Google Chrome Browser Vulnerability, (continued)
- Re: Google Chrome Browser Vulnerability Paul Ferguson (Sep 03)
  - Re: Google Chrome Browser Vulnerability silky (Sep 03)
    - Re: Google Chrome Browser Vulnerability n3td3v (Sep 03)
    - Re: Google Chrome Browser Vulnerability Valdis . Kletnieks (Sep 03)
    - Re: Google Chrome Browser Vulnerability Razi Shaban (Sep 03)
    - Re: Google Chrome Browser Vulnerability n3td3v (Sep 03)
- Re: Google Chrome Browser Vulnerability redb0ne (Sep 03)
  - Re: Google Chrome Browser Vulnerability n3td3v (Sep 03)
- Re: Google Chrome Browser Vulnerability redb0ne (Sep 03)
  - Re: Google Chrome Browser Vulnerability Shyaam (Sep 04)
- Re: Google Chrome Browser Vulnerability redb0ne (Sep 04)
  - Message not available
    - Re: Google Chrome Browser Vulnerability Shyaam (Sep 04)
- Re: Google Chrome Browser Vulnerability Juha-Matti Laurio (Sep 04)
  - Re: Google Chrome Browser Vulnerability Fionnbharr (Sep 04)
    - Re: Google Chrome Browser Vulnerability Chris Pritchard (Sep 04)
    - Re: Google Chrome Browser Vulnerability The Mad Hatter (Sep 04)
    - Message not available
    - Re: Google Chrome Browser Vulnerability n3td3v (Sep 04)
    - Re: Google Chrome Browser Vulnerability hannibal (Sep 05)
    - Re: Google Chrome Browser Vulnerability n3td3v (Sep 05)