So @ndevtk found a Chrome issue that only repros on branded builds, not on Chromium, and not on Microsoft Edge. The vuln and repro have nothing to do with Google-specific features.
If there's one person who will find weird stuff in Chrome, it's bound to be @ndevtk :)
=> More informations about this toot | More toots from AlesandroOrtiz@infosec.exchange
Related: Anyone know how to bisect official Chrome builds without being a Googler?
Best I've figured out is to use older portableapps installers, but that only works up to a certain point (usually 20 major versions, ~M110 as of today).
=> More informations about this toot | More toots from AlesandroOrtiz@infosec.exchange
Good news: I learned how to bisect Chromium variations for a separate bug I found, which also initially only repro'd on official builds (because of field tests). And did so on Android, which is even more of a pain. Took me 2 days of painful work to finish bisect.
Bad news: The bug bisected to a commit of almost 2 years ago for a very complex thing so I still don't really know the root cause within $complexThing.
=> More informations about this toot | More toots from AlesandroOrtiz@infosec.exchange
✅ Used a browser security feature to reliably exploit a browser vulnerability
=> More informations about this toot | More toots from AlesandroOrtiz@infosec.exchange
@AlesandroOrtiz The folks at security@chromium.org are very friendly and helpful.
CC @amy 👋
=> More informations about this toot | More toots from freqchance@infosec.exchange
@freqchance @amy They are! :) It's not my bug (just nerdsniped by collaborator), so reporter added enough details in crbug for Googlers to do bisect if needed for this specific bug.
But would be nice to be able to bisect branded builds myself in edge cases like this. Not a priority IMO, if there's eng/policy work needed. But if something already exists, then I'll be glad to learn about it.
=> More informations about this toot | More toots from AlesandroOrtiz@infosec.exchange
@AlesandroOrtiz Field tests, especially historically, at times ended up being used as the way to enable/disable features for a long time — because as far as I can tell, there was little incentive to ensure the Chromium default matched what Google was shipping as a field test to 100% of users.
=> More informations about this toot | More toots from gsnedders@glauca.space
@gsnedders In this case it was a feature being tested and rolled out slowly, but I've definitely seen what you've described. Overall I do see more defaults being updated properly in code, but still find some unexpected differences ("hey, didn't that ship a year ago? why is it disabled by default in the feature flags?")
=> More informations about this toot | More toots from AlesandroOrtiz@infosec.exchange
@gsnedders It's particularly annoying when doing static analysis, since my assumptions can be wrong due to outdated defaults in code. :/
=> More informations about this toot | More toots from AlesandroOrtiz@infosec.exchange
@AlesandroOrtiz Yeah, I remember a bunch of MS people really driving this, because of course it hurt (in web compat terms!) other Chromium-based products.
=> More informations about this toot | More toots from gsnedders@glauca.space This content has been proxied by September (ba2dc).Proxy Information
text/gemini