Google Chrome Zero Day CVE-2021-4102, Use after free in V8
IMO the most important line in that blog post is:
> Google is aware of reports that an exploit for CVE-2021-4102 exists in the wild.
Pretty useless page if you are interested in details;
link [1] is a search query for `type:bug-security os=Android,ios,linux,mac,windows,all,chrome label:Release-2-M96` which returns no result from `bugs.chromium.org`
link [2] is a generic Chrome landing page
links [3-7] require Google Login (WTF?)
I gave up after that.
Edit; I actually didn't give up, I searched `https://bugs.chromium.org/p/chromium/issues/list` for the associated issue numbers with no results.
1. https://bugs.chromium.org/p/chromium/issues/list?can=1&q=typ...
2. https://sites.google.com/a/chromium.org/dev/Home/chromium-se...
This is one class of bugs that would not exist if V8 was written in Rust.
How does this impact v8 based services, like Cloudflare Workers?
Well, if you're using an adblock with JS disabled, you may sleep well.
Signs Of A Cheating Girlfriend: Gather Proof To Make A Decision: https://www.hackerslist.co/signs-of-a-cheating-girlfriend-ga...
I am surprised that the altruists at Project Zero didn't find these. When they find zero days in Firefox they make flashy 6 page technical briefs out of it to make sure there's no process failure at Mozilla. To protect Firefox users, of course.