http://www.milw0rm.com/exploits/6367

Long strings leading to stack overruns? Really Google? Srsly? I guess I have the answer to my questions about whether they have an SDL / or the notion of banned APIs / or automated code scanning stuff . . . I mean long strings in an HTML tag is like . . . silly fuzzing 101 type stuff . . . the vulns we're fixing in IE these days are pretty insane and are usually pretty complicated / obscure . . . like usually they are some really complicated DOM manipulation stuff that is waaaaaayyyyy beyond simple 'overly long strings in a tag' type stuff. I can't *wait* to see what happens when people start doing really advanced DOM fuzzing against Chrome. :)
Another interesting read is how they implemented some of their 'enhanced' Biba security model stuff to prevent the read-up (from Low to Medium or higher) stuff that Low IL on Vista still allows: http://gynvael.coldwind.pl/?id=49
Function patching? Really? Wow. Just . . . wow.
It's pretty obvious that the code quality just isn't there . . . this browser is not ready for prime time on anyone's machine IMHO.
FYI: Gynvael has posted a correction. Apparently the function hooking is a compatibility mechanism, not a security mechanism. http://gynvael.coldwind.pl/?id=57