On 2024-03-08 Adam Thompson wrote:
V8 is the JavaScript engine developed for use in Google Chrome. Tons of projects have imported the V8 JS engine for one reason or another, without necessarily importing Chromium itself. So...... yeah, what you're seeing sounds about right. Even Java support JavaScript nowadays. -Adam
Haha, so now that has me wondering just how embarrassing this bug really is... something buggy in JS/V8's type massaging perhaps? How on earth does this go unnoticed for (ostensibly) a long time.
So this one bug may have had 356(+!) packages vulnerable. Makes the openssl bug look like child's play.
Oh no... this will just give more ammo to the "force strict typing" crowd!! ;-) <--- sort of
Google programmer skill seems to be devolving to level of MS, which I would have thought impossible.
If someone finds actual details (or a git commit!) post it here...