Jump to content

ArcticFoxie/NotHereToPlayGames -- 360Chrome v13.5.2044 rebuild 2

NotHereToPlayGames
 Share

Recommended Posts

NotHereToPlayGames

NotHereToPlayGames

Posted
  • Author
Posted (edited)

On second thought, to anyone with knowledge of aforementioned "unsupported Service Pack", can you please PM me a link to it?

It would be a nice "nail in the coffin" if I could demonstrate a working before versus not working after with the ONE variable being the installation of this "unsupported Service Pack".

 

edit - I even have a Vista-era laptop and will install Vista + "unsupported Service Pack" on real hardware versus a VirtualBox VM just to put a nail in this coffin and bury it forever.

Edited by NotHereToPlayGames
Link to comment
Share on other sites

dmiranda

dmiranda

Posted
Posted (edited)
1 hour ago, Saxon said:

An attacker can load these libraries using WebGL and thus get around DEP.

One more  (and very old) reason to disable webgl. Did you just get the memo? Or are you just fud-ing your way around?

Edited by dmiranda
2
Link to comment
Share on other sites
UCyborg

UCyborg

Posted
Posted (edited)

Stirring the pot much? ALSR flag (aka. Dynamic Base) was enabled over a decade ago, as is pointed out in the status of linked bug report, which, from the quick glance, is more related to how Mozilla built their browser over a decade ago. Better question would be how Chinese built this browser and what have they done with the sandbox?

Too bad the flag doesn't do anything for XP users in either case. Or maybe it's a good thing? Nothing better than per-process instance DLL duplication/relocation and extra memory consumption that comes with it, huh?

1 hour ago, dmiranda said:

One more  (and very old) reason to disable webgl.

As a regular consumer of WebGL content, I wonder how come I've not been hacked yet?

Though visiting Shadertoy on Vista pretty much DoSed the 360Chrome on my end and support of WebGL on the remaining XP browsers on XP leave much to be desired (total no-go for Chromium variants), troubles of legacy operating systems belonging in a museum are hardly a concern to me as a regular Windows 10 user, where I use nothing less than 64-bit Chromium variants (important for effectiveness of ASLR) with High Entropy VA flag enabled on all executable modules.

Edited by UCyborg
2
Link to comment
Share on other sites
NotHereToPlayGames

NotHereToPlayGames

Posted
  • Author
Posted

Agreed, this is just a STIRRING OF THE POT.  The webgl vulnerability was addressed in Chrome v85 and we are running v86.

It has become "mainstream" knowledge on just which MSFN Members post in this thread for the sake of improving 2044 because we use it.

It has become "mainstream" knowledge on just which MSFN Members post in this thread for the sake of "naysaying" and because they don't want anybody else to use it since they themselves do not use it.

MSFN is comprised of very smart users, we didn't land here because we are "dumbed-down" Lemmings just following the crowd (though MSFN does have a large number of Lemmings just "following" their 'leader').

For some of us, that means "hacking" Vista (EOL 2017) using Server 2008 (EOL 2020) "patches".  I will not waste my time pointing out the vulnerabilities that hit the scene in 2021 and 2022 that even these Vista folks remain "vulnerable" to!

For some of us, that means very different things than what it means for the Vista Group (we all know who you are, your "agenda" has become mainstream knowledge).

MSFN is not here for Vista users to convert all XP users to run Vista.  Or XP users to convert all Vista users to run XP.  Or Win10 users to convert XP+Vista to run Win10.

Moving on...  I've no desire to constantly "fight" with the Vista Group always bringing themselves front-and-center.

2
Link to comment
Share on other sites
Saxon

Saxon

Posted
Posted
3 hours ago, NotHereToPlayGames said:

Agreed, this is just a STIRRING OF THE POT.  The webgl vulnerability was addressed in Chrome v85 and we are running v86.

It has become "mainstream" knowledge on just which MSFN Members post in this thread for the sake of improving 2044 because we use it.

It has become "mainstream" knowledge on just which MSFN Members post in this thread for the sake of "naysaying" and because they don't want anybody else to use it since they themselves do not use it.

MSFN is comprised of very smart users, we didn't land here because we are "dumbed-down" Lemmings just following the crowd (though MSFN does have a large number of Lemmings just "following" their 'leader').

For some of us, that means "hacking" Vista (EOL 2017) using Server 2008 (EOL 2020) "patches".  I will not waste my time pointing out the vulnerabilities that hit the scene in 2021 and 2022 that even these Vista folks remain "vulnerable" to!

For some of us, that means very different things than what it means for the Vista Group (we all know who you are, your "agenda" has become mainstream knowledge).

MSFN is not here for Vista users to convert all XP users to run Vista.  Or XP users to convert all Vista users to run XP.  Or Win10 users to convert XP+Vista to run Win10.

Moving on...  I've no desire to constantly "fight" with the Vista Group always bringing themselves front-and-center.

I don't know who "Vista Group" are, I'm mostly on Windows XP and Vista x86, but rarely. I wrote about the new vectors of attack, after Chrome 100.

Google Releases Chrome 101 with 30 Security Fixes for Windows...

The most important one of these fixes addresses a high-severity use-after-free issue (CVE-2022-1477) in the 3D graphics and computing open standard Vulkan. Some other bugs addressed Four of the externally reported high-severity flaws are use-after-free vulnerabilities that impact the SwiftShader 3D renderer, the Angle WebGL backend (libegl.dll and libglesv2), the Device API, and the Sharing component.

In the future, I'd like to ask you to restrain yourself from non-polite, personal, patronising, and simply not interesting off-topic conversations.

https://otx.alienvault.com/pulse/626fd29366f581964bd2f839

3
Link to comment
Share on other sites
  • NotHereToPlayGames changed the title to ArcticFoxie/NotHereToPlayGames -- 360Chrome v13.5.2044 rebuild 2
NotHereToPlayGames

NotHereToPlayGames

Posted
  • Author
Posted

I cannot "appease" everybody!  When I first started sharing my home-use 360Chrome for others to benefit, I disabled webgl !!!
But 7 out of 10 "this web site does not work" were all related to webgl  --  so I have enabled it by default because the MAJORITY of users (at the time) "needed it" for their want-to-work web sites to work.
MSFN is comprised of smart people.  Those that want webgl disabled, they know how to disable it.  I cannot hold everybody's hand.

 

Pointing out Swiftshader and Angle WebGL is patronising in my view!  But that's because we've been down this road before.  A dozen times.
Always by people that have Vista listed in their MSFN Profile as their OS.
But fair enough, maybe you weren't here when we already went down this road.  A dozen times.  Perhaps some form of not knowing history being condemned to repeat it.
Because this topic has been discussed.  A dozen times.

 

Bottom line - no one upload is going to "appease" everybody and no, I'm not going to upload 18 different versions.
The userbase knows that I used to, one upload for webgl enabled, one for webgl disabled, one for translate function enabled, one for translate function disabled, et cetera.
But no, I'm not going to do that, if users want webgl disabled, they all already know how to disable it.    </end rant>

3
Link to comment
Share on other sites
Dietmar

Dietmar

Posted
Posted (edited)

Hi,

no WebGL,

so scratch Edu is not working

Dietmar

PS: Crazy, because browser is ultrafast, works with ChatGPT and Bard Ai, 528 points in HTLM5 test page.

EDIT: Via about:config I set all with in name WebGL to "true", but still no WebGL, so this nice browser cant be used.

Edited by Dietmar
3
Link to comment
Share on other sites
Saxon

Saxon

Posted
Posted
4 hours ago, NotHereToPlayGames said:

I cannot "appease" everybody!  When I first started sharing my home-use 360Chrome for others to benefit, I disabled webgl !!!
But 7 out of 10 "this web site does not work" were all related to webgl  --  so I have enabled it by default because the MAJORITY of users (at the time) "needed it" for their want-to-work web sites to work.
MSFN is comprised of smart people.  Those that want webgl disabled, they know how to disable it.  I cannot hold everybody's hand.

 

Pointing out Swiftshader and Angle WebGL is patronising in my view!  But that's because we've been down this road before.  A dozen times.
Always by people that have Vista listed in their MSFN Profile as their OS.
But fair enough, maybe you weren't here when we already went down this road.  A dozen times.  Perhaps some form of not knowing history being condemned to repeat it.
Because this topic has been discussed.  A dozen times.

 

Bottom line - no one upload is going to "appease" everybody and no, I'm not going to upload 18 different versions.
The userbase knows that I used to, one upload for webgl enabled, one for webgl disabled, one for translate function enabled, one for translate function disabled, et cetera.
But no, I'm not going to do that, if users want webgl disabled, they all already know how to disable it.    </end rant>

In 2020, when Chrome 86 came out, it was fine to ship it with Web-GL enabled by default.

Several years later, when numerous vulnerabilities of Vulkan, Swiftshader, Angle's WebGL came to light, it seems odd to still include compromised files, now knowingly.

And according to @Dixel and @UCyborgall of those don't function or function improperly on older OS.

3
Link to comment
Share on other sites
Dixel

Dixel

Posted
Posted
3 hours ago, Dietmar said:

Hi,

no WebGL,

so scratch Edu is not working

Dietmar

PS: Crazy, because browser is ultrafast, works with ChatGPT and Bard Ai, 528 points in HTLM5 test page.

EDIT: Via about:config I set all with in name WebGL to "true", but still no WebGL, so this nice browser cant be used.

Hello, Dietmar, I don't think modern websites will allow outdated versions of WebGL anyways.

 

4
Link to comment
Share on other sites
NotHereToPlayGames

NotHereToPlayGames

Posted
  • Author
Posted (edited)

I use WebGL on radar and other map sites such as https://www.mapquest.com/directions all the time.  Not "daily", mind you.  But often enough that I keep WebGL enabled these days.

It's like Flash.  Those that need it will jump through hoops to keep it.  Those that don't (myself among them), find Flash to be one of the most annoying plugins ever created.

Security Vulnerabilities are generally nothing more than hype and propaganda!  Doesn't mean to not be net savvy and click links from unknown senders, as the saying goes.

But 99% of us have never been hit with any virus or trojan or webgl or spectre or meltdown and that's despite nowhere near 99% of us running any sort of real-time protection.

Edited by NotHereToPlayGames
1
Link to comment
Share on other sites
NotHereToPlayGames

NotHereToPlayGames

Posted
  • Author
Posted (edited)
1 hour ago, Dietmar said:

no WebGL,

so scratch Edu is not working

It does have WebGL and I have to assume you are referring to scratch.mit.edu and it is working for me.

The irony here - the very first web site reported as "not working" is a WebGL web site!

image.thumb.png.5db46a4c481091c91024f838fa01f394.png

Edited by NotHereToPlayGames
1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...