The other creepy cryptome video post : https://poal.co/s/Videos/355598
Is this whole site created as some sort of strange spook experiment?
Can someone tell me what this is before I read it all? I mean I know the web shortens attention spans, but 2 pages of legalese is not my favorite thing to enjoy. Then we start in with the definitions...
Congratulations, you rooted your computer with a PDF remote exploit vulnerability by opening that...... or perhaps not.
Foxit and Adobe each have had hundreds of zero-days
I think there are remote services that can convert that pdf to raw images for you, and some are free.
The origin of that file is a hotbed of spooks from all over world, mainly the CIA . refer to OPs other cryptome post today :
https://poal.co/s/Videos/355598
see?
Well I read it with Brave so I'm solid right?
Not if they use PDFium, but I think brave uses PDF.js for more safety.
lots of exploits in the various pdf plugins for brave/chrome
hundreds for pdfium :
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=PDFium
very few published exploits for brave default pdf plugin in recent years :
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=PDF.js
new ones almost every week in google PDFium:
march 5 2021: Google Chrome Vulnerability: CVE-2021-21190 Uninitialized Use in PDFium https://www.rapid7.com/db/vulnerabilities/google-chrome-cve-2021-21190/
https://securereading.com/malicious-pdf-files-to-exploit-google-chrome-zero-day-to-steal-users-data/
https://gbhackers.com/google-chrome-zero-day/
BRAVE PDF.js seems like the safest but none are really safe at all.
brave deep down uses this source code for rendering pdf , it seems : ng2-pdf-viewer
(post is archived)