Originally posted by peterdk
View Post
Announcement
Collapse
No announcement yet.
VP8/VP9's libvpx 1.13.1 Released Due To A High Severity Vulnerability
Collapse
X
-
Originally posted by bug77 View PostWait, what? A web page that tells my browser to encode things? Wth? I mean, it's possible, technically, but who really visits page that make them encode video?
Comment
-
Originally posted by ssokolow View Post
That's what you get when you bake the building blocks for video conferencing into the browser.
But the CVE is not about browsers, it's about libvpx encoding something from an html element. Not sure why you'd enable that. At least not by default. Then again, I did not read the whole CVE, maybe it's all explained in there, somewhere.
Comment
-
Originally posted by bug77 View PostBut video conferencing would encode your local stream, not something crafted by a 3rd party...
But the CVE is not about browsers, it's about libvpx encoding something from an html element. Not sure why you'd enable that. At least not by default. Then again, I did not read the whole CVE, maybe it's all explained in there, somewhere.
Comment
Comment