On Tue, Jun 9, 2009 at 4:01 AM, Dean McNamee<[email protected]> wrote:
> - The renderers always have the same layout, meaning if you could find
> some bug that allowed you to spawn a new tab/process, attack it, and
> let it crash, you could brute force addresses until you hit it.
> Although, I suppose the probability is similar either way

Right. Either you're changing your aim to hit a stationary target, or you just fire the same way again and again and wait for a moving target to hit you.

> - The browser and renderers share the same layout. If you can find a
> pointer leak / bug in the renderer, you then know the address layout
> to try and attack the browser process.

This is a much bigger deal. It needs to be fixed. I'm working on it now. It was a one-line change in a review and I didn't notice the implications. My bad.

AGL
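The property the thread is worried about, several processes ending up with the same address layout, is something a defender can measure directly. The script below is an added example, not code from the Chromium project or from either poster: it launches a few fresh interpreter processes, has each one report the address of a C library symbol, a Python C-API symbol and a fresh heap allocation, and then checks whether each address was identical across all processes. Identical values mean the layout is shared and one pointer leak would apply to every process. It assumes a POSIX system where `ctypes.CDLL(None)` resolves `malloc` (on Windows that probe reports None and is excluded from the verdict); the probe names are my own.

```python
import json
import subprocess
import sys

# Source of the child probe. Each child prints a JSON map of
# probe name -> address, so the parent can compare layouts.
# Names and choice of probes are assumptions made for this example.
PROBE = r"""
import ctypes, json
out = {}
try:
    libc = ctypes.CDLL(None)  # POSIX: handle covering libc and the main image
    out["libc_malloc"] = ctypes.cast(libc.malloc, ctypes.c_void_p).value
except (OSError, AttributeError):
    out["libc_malloc"] = None  # e.g. Windows: probe not available
# Address inside the Python runtime image (libpython or the executable).
out["python_api"] = ctypes.cast(ctypes.pythonapi.Py_IsInitialized,
                                ctypes.c_void_p).value
# Address of a fresh heap allocation made by this process.
out["heap_obj"] = ctypes.addressof(ctypes.create_string_buffer(64))
print(json.dumps(out))
"""


def sample_layouts(n=4):
    """Spawn n independent interpreter processes and collect their probes."""
    layouts = []
    for _ in range(n):
        proc = subprocess.run([sys.executable, "-c", PROBE],
                              capture_output=True, text=True, check=True)
        layouts.append(json.loads(proc.stdout))
    return layouts


def assess(layouts):
    """For each probe, count distinct addresses across processes.

    A probe is reported as randomized only if every process returned a
    value and at least two of them differ. A single shared value means a
    leak in one process would reveal that address in all of them.
    """
    report = {}
    for key in layouts[0]:
        values = {layout[key] for layout in layouts}
        report[key] = {
            "distinct": len(values),
            "randomized": None not in values and len(values) > 1,
        }
    return report


if __name__ == "__main__":
    result = assess(sample_layouts())
    for name, verdict in result.items():
        state = "randomized" if verdict["randomized"] else "SHARED"
        print(f"{name:12s} distinct={verdict['distinct']} {state}")
```

Run it on a machine with ASLR enabled and each probe should show several distinct values; a probe stuck at one value across all children is the situation the thread describes, and the same method can be pointed at any multi-process program by replacing the child probe with that program's own diagnostics.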
