Sampei.Nihira

Posts posted by Sampei.Nihira

  1. @Dixel

    If you want to find mitigations for this vulnerability, start studying why the CVE index in Chrome is 8.8 (and not 10).
    The reason is the browser sandbox.
    Consider that any other "mitigation" added (so even the renderer at IL AppContainer) or uBO can make a difference.

    Then it is obvious that after the browsers have been patched, there is no one who will waste time finding mitigations and writing the articles that you so insistently demand.

     

  2. 11 hours ago, dmiranda said:

    Yeah, who is that gorhill? Does he have a PhD?

    Just in case you take quoting you as an endorsement, LAF.

    PS: at least check the suggested pages, in the particular one suggested by @Sampei.Nihira there are a few dozen technical reviews.

    Perhaps he does not have the knowledge to understand what you are suggesting.
    From my point of view, it is indicative that he chose the easiest link (which I have included for the benefit of even less experienced IT Security users) and did not read the one paragraph worthy of attention:

    Quote

     

    Browser add-ons for security and privacy

    In addition to adjusting the settings within your browser, there are also a number of different add-ons or extensions you can install to improve your browser’s privacy and security.

    Here are a few different options, but they may not all be supported by the browser you are using:

    uBlock Origin – This is one of the best browser-based ad blockers available that will also protect you against tracking.

     

     

  3. 20 minutes ago, Dixel said:

    No, I asked about "all security experts article", as you claimed before.

    Sven Taylor is an (editor) of an "advocacy group". It doesn't say he's an expert, nowhere near.

    In the provided article he simply accuses all browsers of data collecting, then jumps to suggestions to buy paid VPN services. Not a word about WebP Virus.

    Claiming Brave as "The most secure and private browser" is especially funny.

    Super generic, commercially driven article, can't be any simpler.

    Where did you find "expert opinions" about uBlock in that article?

    He simply writes "uBlock Origin – is one of the best.."

    That's it?

     

    Didn't you notice that my first link is written by Raymond Hill?
    Read and learn if you wish.

    I will not waste any more time with your useless requests.
    Period.

     

    P.S.

    Stop calling this vulnerability a virus; it is an exploit.
    If you don't know the difference... study.

  4. 13 minutes ago, XPerceniol said:

    I ran out of likes already so just wanted to thank you for the posting.

    It is possible to use Hard Mode + TLDs (protection higher than Medium Mode but lower than Hard Mode). I will include a table for you with fairly accurate percentages, even for an extension like AdGuard MV3.

    Hard-Mode-with-TLD.png

     

    P.S.

    The percentages in the table were verified by Kees1958.

  5. 50 minutes ago, Dixel said:

    I'd like to read that article where "all security experts considered" this, thanks.

    Here is the benefit of dynamic filtering, referring only to third-party frame blocking:

    https://github.com/gorhill/uBlock/wiki/Dynamic-filtering:-Benefits-of-blocking-3rd-party-iframe-tags

    As you can see, it is a formidable defense against exploits as well.
    Those using higher dynamic filtering (Medium Mode or Hard Mode) obviously have more protection at the security/privacy level.

    I use Hard Mode + TLDs.

    Some other opinions, Sven Taylor:

    https://restoreprivacy.com/browser/secure/

    ArkenFox user.js:

    https://github.com/arkenfox/user.js/wiki/4.1-Extensions#small_orange_diamond-️-anti-fingerprinting-extensions-fk-no
     

  6. To stop the chain of events that can lead to the success of an exploit, a few tricks may be sufficient even in unpatched browsers.
    I have seen exploits rendered harmless with the renderer at IL AppContainer.
    In my opinion, those who have an unpatched browser listed on the anti-exploit list, and take a number of expedients that at various points can counteract the chain of events that can lead to the success of an exploit (i.e., leveraging an unpatched vulnerability in the browser and/or OS), can be reasonably safe.

    Using uBlock Origin with dynamic filtering enabled is considered by all security experts to be a security surplus in the browser.

     

  7. If you assume that there is an error in my browser, which is not oriented to hard privacy but rather to security (your first error; also because you don't know my access needs at all, for example I have significant limitations to accessing government websites where I collaborate), you have to prove it with your browser by a test that of course I will not provide; you have to know it.

    Second mistake: you are highly OT in this thread.
    And I will not read anything that does not follow the above parameters.

    So if you want to run various tests with your browser, I suggest you open a new thread.
    I promise I will gladly read them.
     

    Have a nice day.

     

  8. But what does downloading an image with a webp extension (extension that can be changed) have to do with HD/SSD?

    The vulnerability, discovered by researchers from Apple Security Engineering and Architecture (SEAR) and the Citizen Lab of the University of Toronto, is present in the libwebp library that allows the rendering (visualization) of webp images. The buffer overflow in the memory area called heap is caused when the user opens an ad hoc created webp image. An attacker can then access the computer and execute infected code.

     

     

  9. Even if it seems excessive to me, whoever believes that their browser has not received the patch, or has no confidence in the installed anti-exploit/anti-malware tools, can insert this rule in My filters in uBlock Origin:

    ||*.webp^$script,document,important

    As you well know, the parameter "important" prevents any exception; if it is too restrictive for you, it can be removed.

    P.S.

    For whoever wants to test it:

    https://developers.google.com/speed/webp/gallery1?hl=en

  10. Usually it is the providers of the browsers that have to report whether their browser is vulnerable.
    So first we need to know if the browser (which seems to me to be closed code) has received the patch.

    https://www.akamai.com/blog/security-research/guidance-on-critical-chrome-vulnerabilities-libwebp-and-libvpx

    https://blog.isosceles.com/the-webp-0day/

    Browser development was not my area of work, so you have to ask the appropriate people.

    I once provided a patch to Roytam for Thunderbird OAUTH support to apply to MailNews.
    But then he was the one who implemented it. :)

    Ask here:

    https://groups.google.com/a/webmproject.org/g/webp-discuss

     

    P.S.

    As I wrote you in the private message, I retired.

  11. 10 hours ago, D.Draker said:

    The code hasn't, but you confuse policies with command line flags. Quotes aren't needed in the latter case.

    Since I am 60 years old, I could confuse many things, but certainly not the policies or command line flags that I use simultaneously in Edge.
    Not to mention that it is part of the subject I taught many years in college.
    And the collaborations I've had over the years with various developers.

    You who hold the title of doctor can you give me a concrete example of confusion referring to this thread?

    You will notice that I wrote the "correct syntax" not whether or not they are indispensable.

  12. Also.
    Correct command-line syntax would require the "".

    --enable-features="ExtensionManifestV2Availability,..............."

    The comma separates multiple features.

    In the Standard Account I prefer to use only the HKCU registry path key.

    Not the recommended HKLM path.


     

  13. https://developer.chrome.com/blog/resuming-the-transition-to-mv3/

     

    Quote

    We will begin disabling Manifest V2 extensions in pre-stable versions of Chrome (Dev, Canary, and Beta) as early as June 2024, in Chrome 127 and later. Users impacted by the rollout will see Manifest V2 extensions automatically disabled in their browser and will no longer be able to install Manifest V2 extensions from the Chrome Web Store. Also in June 2024, Manifest V2 extensions will lose their Featured badge in the Chrome Web Store if they currently have one.

    It is possible to postpone the disabling of MV2 extensions by 1 year by entering a policy rule in the registry:

     

    https://developer.chrome.com/docs/extensions/migrating/mv2-sunset/

    Quote

    Enterprises using the ExtensionManifestV2Availability policy to ensure the continued functioning of Manifest V2 extensions in their organization will have one additional year - until June 2025 - to migrate the Manifest V2 extensions in their organization. Browsers with the policy enabled will not be impacted by the rollout of the deprecation until that time.

    I have already entered this policy rule in my Edge browser and it works regularly:

    1.jpg

    Of course, this is possible in all other Chromium-based browsers.

  14. 1 hour ago, Dixel said:

    " security fix for lossless decoder"  lossless?

    What was the problem in the WebP library?

    The root of the issue lies within the "BuildHuffmanTable" function which was first introduced in 2014, the function is used to verify if the data is accurate. The vulnerability can occur when more memory is allocated if the table isn't sufficiently large for valid data. The commit that introduces the fix can be seen here.

    The original code optimized a Huffman decoder that uses a common technique: it reads several bits ahead to determine how many bits to consume and what symbol to decode. The older version utilized lookup tables for short symbols, while longer ones required a more complex graph traversal. The newer version streamlined this process by employing an array of lookup tables. Each entry in this table contains details about bits and values, and if the number of bits surpasses a certain limit, the value is interpreted differently.

    The new version determined the maximum number of entries by counting symbols. However, because the Huffman tree comes from an untrusted source, situations could arise where the number of bits is excessively large. The VP8 Lossless allows up to 15 bits, which means the largest table can have many entries, more than it should. Interestingly, while there was a mode in the code to only calculate the table size, it was not used, and a fixed size was assumed, leading to potential overflows.

    The reason behind these changes was to optimize the Huffman decoding step, a crucial and computationally intensive part of compression formats. Though the optimization technique is recognized, longer codes are generally not given priority because they don't often appear. The original code update argued against this belief, and it was accepted.

    The issue highlighted isn't something that just using a memory-safe language could prevent. It's a unique scenario where avoiding overflow checks is desired. However, while the actual solution didn't change the function, ensuring the safety of the tight loop remains critical. Wrong justification for such safety measures can lead to problems.

     

    Google has confirmed the existence of an exploit for CVE-2023-4863 in the wild.

    If the unpatched browser is put on the Anti-Exploit list, it almost certainly turns out to be protected.
    Theoretically if a malformed web page is encountered with the exploit the web browser should shut down.
    At least this would be the behavior with WD exploit protection.
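    As an added illustration of the table-sizing problem described in the quoted explanation above (example code written for this page, not from libwebp, from the quoted article, or from the forum thread): a simplified model of a two-level Huffman lookup table. It assumes an 8-bit root table and canonical code assignment as in DEFLATE; the grouping rule and size formula are a simplification of what libwebp does, and the code-length lists are constructed. The point it shows is that the table size depends on the untrusted code lengths and must be computed before any entry is written.

```python
# Added example (not from libwebp or the forum thread): a simplified model of
# a two-level Huffman lookup table, showing why its size must be computed from
# the untrusted code lengths before the table is filled, rather than assumed.

from collections import defaultdict

ROOT_BITS = 8          # bits resolved by the first-level (root) lookup
MAX_CODE_LENGTH = 15   # VP8 Lossless allows Huffman codes of up to 15 bits


def canonical_codes(code_lengths):
    """Assign canonical Huffman codes from a list of code lengths
    (the DEFLATE/RFC 1951 procedure). Returns (symbol, length, code) tuples
    for every symbol with a nonzero length. Rejects lengths that are out of
    range or over-subscribed, which an attacker-controlled header could
    otherwise supply."""
    max_len = max(code_lengths, default=0)
    if max_len > MAX_CODE_LENGTH:
        raise ValueError("code length exceeds MAX_CODE_LENGTH")
    bl_count = [0] * (max_len + 1)
    for length in code_lengths:
        if length:
            bl_count[length] += 1
    # Kraft inequality: the sum over all codes of 2**-length must not exceed 1
    kraft = sum(count << (max_len - length)
                for length, count in enumerate(bl_count) if length)
    if kraft > (1 << max_len):
        raise ValueError("over-subscribed code lengths")
    next_code = [0] * (max_len + 1)
    code = 0
    for bits in range(1, max_len + 1):
        code = (code + bl_count[bits - 1]) << 1
        next_code[bits] = code
    codes = []
    for symbol, length in enumerate(code_lengths):
        if length:
            codes.append((symbol, length, next_code[length]))
            next_code[length] += 1
    return codes


def table_size(code_lengths, root_bits=ROOT_BITS):
    """Entries needed by a two-level decoding table (simplified model).

    The root table has 2**root_bits entries. Each code longer than root_bits
    lands in a second-level table selected by its first root_bits bits; that
    table needs 2**(longest code sharing the prefix - root_bits) entries.
    Codes of root_bits bits or fewer live in the root table only."""
    total = 1 << root_bits
    longest = defaultdict(int)           # root prefix -> longest code length
    for _symbol, length, code in canonical_codes(code_lengths):
        if length > root_bits:
            prefix = code >> (length - root_bits)
            longest[prefix] = max(longest[prefix], length)
    for length in longest.values():
        total += 1 << (length - root_bits)
    return total


def fits_in(code_lengths, capacity):
    """The check a decoder should make before writing entries into a buffer
    of `capacity` entries: size first, fill second."""
    return table_size(code_lengths) <= capacity


# Constructed inputs, not real WebP streams.
FLAT = [8] * 256                         # every symbol is an 8-bit code
# A complete code (Kraft sum exactly 1) whose long codes force several
# second-level tables of growing size; the 40 groups of long codes
# together occupy exactly 40/256 of the code space.
DEEP = [8] * 216 + [9, 10, 11, 12, 13, 14, 15, 15] * 40

if __name__ == "__main__":
    for name, lengths in (("FLAT", FLAT), ("DEEP", DEEP)):
        print(f"{name}: {len(lengths)} symbols -> {table_size(lengths)} entries")
```

    With these constructed inputs the flat code needs only the 256 root entries, while the deep one needs 632 entries for the same root size; a decoder that assumed a fixed capacity sized for the first would write past the end of its buffer on the second. Computing `table_size` before filling, and rejecting over-subscribed or over-long code lengths up front, is the defensive check the quoted explanation is about.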
