Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I was thinking they meant some cloud office 365 thing, so not the local computer.

Regardless though, once you have a web browser 0-day its usually not very hard to convince a user to click on a link. Especially for a targeted attack.



Yeah, I thought it was running locally but it runs in Microsofts cloud.

However, that opens up ANOTHER similar attack vector as Bert is saying:

"We may wonder also what fun a determined hacker could have with Microsoft running random bits of JavaScript on their servers and allowing these to talk to the world (or to Microsoft itself even)."


I feel like not that much. Presumably its something like pupeteer running in a dedicated cloud account with very little access to anything else.

Like its possible you could get something there, but i could think of a lot more juicy targets if you have a chrome 0-day.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: