← Back to context

Comment by landr0id

5 months ago

I had the same thought. The project's description:

>secure HTML/CSS engine

No offense to these folks, but I see no evidence of any fuzzing which makes it hard to believe there aren't some exploitable bugs in the codebase. Google has world-class browser devs and tooling, yet they still write exploitable bugs :p (and sorry Apple / Mozilla, you guys have world-class browser devs but I don't know enough about your tooling. Microsoft was purposefully omitted)

Yeah, very few of those bugs are in the renderer, but they still happen!