Any Chromium and Firefox browser prior to version 116 will be vulnerable to this, update your browsers.

  • towerful@programming.dev
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    since companies technically "are" people

    This wording is some legal loophole bullshit.
    I have tried to word something that disagrees with this for 30m. I can't figure it out.
    This is bullshit.
    But this "company is person" tries to re-humanise corporations. I think. Or something.

    Have some ranting…

    A company is a group of people working in the interest of themselves.
    A person is generally working in the interest of themselves.
    A group of people always has more power than a single person, and thus should be held to a higher standard.

    It seems like Google is taking this seriously… now (assigning a 10.0. The next highest is an 8.8 for $15k). But it seems like the cve is still assigned to chrome, as opposed to libwebp (where the actual vulnerability is)

    And while I appreciate the publication - the fact its a 0-day publication (as opposed to "we patched this 6 months ago") means Google hasn't taken it seriously previously (or it's be found exploited in the wild)