Eric McCorkle <[email protected]> writes: > Given enough skill, resources, and motivation, it's likely that an > attacker could craft a javascript-based version of the attack, then > every javascript website (aka all of them) is a potential attack vector.
Uh, this has already been demonstrated. According to Google, Chrome 64 (to be released in a few days) includes countermeasures against it. I don't have any further details. DES -- Dag-Erling Smørgrav - [email protected] _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
