So @ndevtk found a Chrome issue that only repros on branded builds, not on Chromium, and not on Microsoft Edge. The vuln and repro have nothing to do with Google-specific features.
If there's one person who will find weird stuff in Chrome, it's bound to be @ndevtk :)
=> More information about this toot | More toots from AlesandroOrtiz@infosec.exchange
Related: Anyone know how to bisect official Chrome builds without being a Googler?
Best I've figured out is to use older portableapps installers, but that only works up to a certain point (usually 20 major versions, ~M110 as of today).
=> More information about this toot | More toots from AlesandroOrtiz@infosec.exchange
Good news: I learned how to bisect Chromium variations for a separate bug I found, which also initially only repro'd on official builds (because of field tests). And did so on Android, which is even more of a pain. Took me 2 days of painful work to finish bisect.
Bad news: The bug bisected to a commit of almost 2 years ago for a very complex thing so I still don't really know the root cause within $complexThing.
=> More information about this toot | More toots from AlesandroOrtiz@infosec.exchange
✅ Used a browser security feature to reliably exploit a browser vulnerability
=> More information about this toot | More toots from AlesandroOrtiz@infosec.exchange
@AlesandroOrtiz Field tests, especially historically, at times ended up being used as the way to enable/disable features for a long time — because as far as I can tell, there was little incentive to ensure the Chromium default matched what Google was shipping as a field test to 100% of users.
=> More information about this toot | More toots from gsnedders@glauca.space
@gsnedders In this case it was a feature being tested and rolled out slowly, but I've definitely seen what you've described. Overall I do see more defaults being updated properly in code, but still find some unexpected differences ("hey, didn't that ship a year ago? why is it disabled by default in the feature flags?")
=> More information about this toot | More toots from AlesandroOrtiz@infosec.exchange
@gsnedders It's particularly annoying when doing static analysis, since my assumptions can be wrong due to outdated defaults in code. :/
=> More information about this toot | More toots from AlesandroOrtiz@infosec.exchange
@AlesandroOrtiz Yeah, I remember a bunch of MS people really driving this, because of course it hurt (in web compat terms!) other Chromium-based products.
=> More information about this toot | More toots from gsnedders@glauca.space