
New Chrome Zero-Day - bsaunder
https://www.kaspersky.com/blog/google-chrome-zeroday-wizardopium/29126/
======
maxmcd
Previous discussion:
[https://news.ycombinator.com/item?id=21425804](https://news.ycombinator.com/item?id=21425804)

------
NikolaeVarius
Was already patched on Oct 31
[https://chromereleases.googleblog.com/2019/10/stable-channel...](https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html)

------
maerF0x0
I would suggest we put the date in these kinds of 0 day titles. Nov 4 in this
case...

------
andrewstuart
Why would cybercriminals not just report the bug and pick up the cash from
Google? Is it genuinely that much more lucrative to exploit it?

~~~
imposterr
You can only sell to Google once. You can sell it to different exploit houses
many times.

But also historically, some places pay in the several hundred thousand
compared to tech companies that pay in the tens of thousands. So even if they
only sell it once, they can make more.

------
thephyber
The CVE is still embargoed[1] as of the time of this comment. =/

[1]
[https://nvd.nist.gov/vuln/detail/CVE-2019-13720](https://nvd.nist.gov/vuln/detail/CVE-2019-13720)

------
0xdeadb00f
I'm assuming this _doesn't_ affect Chromium, or Chromium(-based) browsers on
Android then? Seeing as it isn't mentioned.

~~~
mark-r
The article specifically mentions that it was discovered on Windows, but that
doesn't mean some variation couldn't exist for other platforms.

~~~
0xdeadb00f
I meant more along the lines of: is this a _Chrome specific_ vulnerability or
is the vuln apparent in _Chromium_ and thus are all Chromium-based browsers
(on any platform) affected?

