top | item 41327104

(no title)

bsmartt | 1 year ago

thanks for the links. as far as i can telll 38193 is just a priv esc so they need code execution locally first. but the two exploits you linked could possibly be chained together and that would be a pretty sophisticated attack, especially when they were 0day. but still, if you are behind a router they cant just throw this at any consumer.

discuss

mrinfinitiesx|1 year ago

Could load javascript on a page and have them send outgoing crafted packets with websockets, or just have the webserver send them catered packets and let NAT send it where it has to go. It was found by a research group so it's not 'known known' but these CVEs happen every day, as do they for Linux. 0days are rare, it's our hopes research/cybsec groups find them firsthand though. I'm just having a little fun with it is all, preaching the Linux Desktop gospel.

I'm pro-privacy and I highly feel this Recall system opens up a new attack/exploit vector in new unprecedented ways that I don't even want to begin to imagine. I mean, it reads your screen and recalls everything you've ever done..

bsmartt|1 year ago

fine, but that then requires a google chrome sandbox escape or visiting an attacker controlled page, my point was just that the initial claim was rather oversimplified.