Sampei.Nihira
Content Type
Profiles
Forums
Events
Everything posted by Sampei.Nihira
-
Ublock Origin Lite (MV3) vs AdGuard MV3 Chromium Extensions
Sampei.Nihira replied to Sampei.Nihira's topic in Web Browsers
The response is that there is in the extension a probable bug. I hope that by the middle of the year 2024, the AdGuard team will address these 20 open issues. -
@XPerceniol *** Canvas test *** I get the same result in Edge. For me it is more than enough.
-
@D.Draker My extensions: And Canvas is not the most important test.
-
Guys,consider that I was (today I am retired) an IT security. The only method to achieve non-uniqueness is to use an extension called JShelter and (perhaps) have it in the browser (WebGL + WebRTC by default). But I very much doubt this result. I would not recommend those using a Firefox-based browser to use JShelter. Those using Arkenfox.js directions will never arrive at a result of NOT uniqueness in that test. I believe that even in Chromium-based browsers it is better to follow the directions of Arkenfox.js. And use only uBlock Origin and no other privacy-specific extensions. P.S. In my opinion, therefore, these tests are more valid: https://browserleaks.com/ I am quite happy with the results obtained with my Edge. Just 2 examples:
-
Ublock Origin Lite (MV3) vs AdGuard MV3 Chromium Extensions
Sampei.Nihira replied to Sampei.Nihira's topic in Web Browsers
I can give you lists of filters that I use in Edge: consider that I use at the Next DNS level also: EasyPrivacy OISD full You'll notice that I don't use anti-malware/phishing filter lists because this task is left to other areas of my security configuration. Kees1958's filter list (last in the custom lists) is not good for MyPal68,you will find other alternatives at the link below: https://github.com/Kees1958/W3C_annual_most_used_survey_blocklist I hope it's helpful to you. -
The problem would not be the EPSS percentage of the individual vulnerability being examined: https://www.cvedetails.com/vulnerability-list/assigner-70/chrome-cve-admin-google.com.html For forum members using unpatched versions of Chrome, the bigger problem is the accumulated summed vulnerabilities. That bring the EPSS to significant values. Considering an Anti-Exploit defensive line is certainly beneficial.
-
Ublock Origin Lite (MV3) vs AdGuard MV3 Chromium Extensions
Sampei.Nihira replied to Sampei.Nihira's topic in Web Browsers
-
Ublock Origin Lite (MV3) vs AdGuard MV3 Chromium Extensions
Sampei.Nihira replied to Sampei.Nihira's topic in Web Browsers
I can’t write a custom rule to block WebRTC in Adguard MV3. I opened a problem that was assigned to an engineer (woman ) AdGuard. I have no problem with ublock Origin. -
@D.Draker It doesn’t seem to be. The EPSS (Exploit prediction scoring system) probability that the vulnerability will be exploited in the next 30 days was for Webp=0.15%. For this new exploit the EPSS=0.11%. So little difference. Not scary the first and almost irrelevant the second.
-
You’re right. I just thought I’d let you know. I won’t bother you with that again. Excuse me. But I won’t start another thread because the one I opened is no longer visible after the forum has been offline. I’ve already taken my countermeasures, and my Edge will be patched. Good luck.
-
****************
-
You are an impossible person. Ignore my posts instead of asking for "enlightenment". If you ask, I try as best as I can to accommodate your requests.
-
@Dixel If you want to find mitigations for this vulnerability start studying why the CVE index in Chrome is 8.8 (and not 10). The reason is the browser sandbox. Consider that any other "mitigation" added (so even the renderer to IL Appcontainer) or UBO can make a difference. Then it is obvious that after the browsers have been patched there is no one to waste time finding mitigations and writing articles that you so insistently demand.
-
Perhaps he does not have the knowledge to understand what you are suggesting. From my point of view, it is indicative that he chose the easiest link (which I have included for the benefit of even less experienced IT Security users) and did not read the one paragraph worthy of attention:
-
Didn't you notice that my first link is written by Raymond Hill? Read and learn if you wish. I will not waste any more time with your useless requests. Period. P.S. Stop calling this vulnerability a virus; it is an exploit. If you don't know the difference....study.
-
It is possible to use Hard Mode + TLD'S (protection higher than Medium Mode but lower than Hard Mode) I will include you a table with fairly accurate percentages even in an extension like AdGuard MV3. P.S. The percentages in the table were verified by Kees1958.
-
Here in benefit of dynamic filtering referring only to third-party frame blocking: https://github.com/gorhill/uBlock/wiki/Dynamic-filtering:-Benefits-of-blocking-3rd-party-iframe-tags as you can see it is a formidable defense against exploits as well. Those using higher dynamic filtering (Medium Mode or Hard Mode obviously have more protection at the security/privacy level. I use Hard Mode + TLD's Some other opinions Sven Taylor: https://restoreprivacy.com/browser/secure/ ArkenFox user.js: https://github.com/arkenfox/user.js/wiki/4.1-Extensions#small_orange_diamond-️-anti-fingerprinting-extensions-fk-no
-
To stop the chain of events that can lead to the success of an exploit, a few tricks may be sufficient even in unpatched browsers. I have seen exploits rendered harmless with the renderer at IL AppContainer. In my opinion those who have an unpatched browser,listed on the anti-exploit list,and take a number of expedients that at various points can counteract the chain of events that can lead to the success of an exploit,i.e., leverage an unpatched vulnerability in the browser and/or OS can be reasonably safe. Using uBlock Origin with dynamic filtering enabled is considered by all security experts to be a security surplus in the browser.
-
Resuming the transition to Manifest V3
Sampei.Nihira replied to Sampei.Nihira's topic in Web Browsers
If you assume that there is an error in my browser that is not oriented to hard privacy but rather to security (your first error) (,also because you don't know my access needs at all,for example I have significant limitations to accessing government websites where I collaborate) you have to prove it with your browser by a test that of course I will not provide you have to know. Second mistake you are highly OT in this thread And I will not read anything that does not follow the above parameters. So if you want to run various tests with your browser, I suggest you open a new thread. I promise I will gladly read them. Have a nice day. -
Do what you want. Do you consider yourself vulnerable? Too bad for you. I had in mind to advise the members of the forum at least 2 solutions to increase the security of the browser. But I don’t think about your complaints. Period.
-
But what does downloading an image with a webp extension (extension that can be changed) have to do with HD/SSD? The vulnerability, discovered by researchers from Apple Security Engineering and Architecture (SEAR) and the Citizen Lab of the University of Toronto, is present in the libwebp library that allows the rendering (visualization) of webp images. The buffer overflow in the memory area called heap is caused when the user opens an ad hoc created webp image. An attacker can then access the computer and execute infected code.
-
Also the one in my screen is saved in webp (but this has nothing to do with it...do a test) but the website is in jpeg, so there is no vulnerability because the browser does not interest LibWebp. The patch has been applied to LibWebp. P.S. You can see the fundamental difference:
-
Of course it’s not a fix. But it prevents a possible compromise of the Operating System in unpatched browsers. Who needs the fix (I don’t) look for other remedies. Good evening.