Comment by ARandomerDude 10 months ago

I'm amazed by how profoundly stupid this vulnerability is. To get arbitrary code execution, you literally just send somebody else's user ID, which is fairly trivial to obtain.

I don't work at FAANG. I just work at some company that makes crap products you don't actually need, and even I would never build this kind of bug.

But these people want to build a web browser, with all the security expertise and moral duty that implies?! Wow.

bilater 10 months ago

Can you explain how you could get someone else's user id? I get that this is still a big vulnerability but am trying to understand how that would happen.

  • darthwalsh 10 months ago

    It says in the article. If you share one of your snippets, or make/accept a friend request, that all uses the same id.
