this post was submitted on 10 Oct 2023
832 points (97.0% liked)
Programmer Humor
32479 readers
315 users here now
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
- Posts must be relevant to programming, programmers, or computer science.
- No NSFW content.
- Jokes must be in good taste. No hate speech, bigotry, etc.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
*Badly outdated Chrome with a bunch of critical vulnerabilities.
Don't forget every Electron app comes with its own Chrome.
Last time I checked the version Electron used by Discord was severely out of date causing several issues that had been solved months ago upstream. That’s the fault of Discord, not Electron but there are several issues with Chromium that I have to deal with on every Electron app I use. Compose sequences are still partially broken. I reported it at Chromium but they responded with a video of them testing it on Windows (not with a VM), said they couldn’t reproduce the issue (with a Linux specific input method?!) and then marked it as unreproducible.
Wait, you're telling me that Discord is probably still vulnerable to the Webp RCE vulnerability?
They use plain text and there biggest shareholder is the Tencent (the CCP let's be real) are you surprised? It's literally a data farm for China...
They updated to a version that included a patch for that exploit, however it doesn't matter in the grand scheme of things, because they're still on 22.x, support for which has already been terminated
They probably manually added the patch.